Cyber Incident Victim: Book2Park
Date:
Dec 2014
Location:
United States of America
Summary
Book2Park.com, an online airport parking reservation service, suffered a breach by a cybercriminal group linked to previous major retail compromises, resulting in stolen customer payment cards being sold on an underground marketplace. Malicious files planted on the company's web server intercepted transaction data before encryption, though the owner confirmed their removal and cooperation with authorities after being alerted by financial institutions. The incident marked the third compromise of an online parking service by this threat actor, with stolen cards from this breach commanding higher prices—likely due to a prevalence of European bank-issued cards—compared to earlier attacks on similar businesses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In February 2015, Book2Park.com—an online parking reservation service for U.S. airports—was identified as the latest victim of a cybercriminal group responsible for the massive Target and Home Depot breaches that compromised over 100 million payment cards. The breach came to light when a new batch of stolen credit cards labeled "Denarius" appeared for sale on Rescator[dot]cm, a cybercrime marketplace known for selling cards from those prior retail breaches. Multiple financial institutions that purchased cards from this batch confirmed a consistent pattern: all cards had been used recently by customers booking airport parking through Book2Park.com. Upon being contacted about the breach, company owner Anna Infante stated she was unaware of the card sales but disclosed that a contracted technology firm had recently discovered and removed malicious files planted on Book2Park’s web server. Infante emphasized the company had taken immediate action to address the issue, including notifying authorities and implementing additional protective measures for customers. This incident marked the third online parking service compromised by the same hacking group since December 2014, following breaches at Park ‘N Fly and OneStopParking.com.
The attackers deployed malware on Book2Park’s web server designed to intercept sensitive data entered by customers during transactions, capturing payment details before encryption. While the exact malware variant was unspecified, this method mirrored typical e-commerce compromises where malicious code monitors form submissions. Stolen Book2Park cards predominantly sold for $12-$18 on Rescator’s platform—higher than the $6-$13 range observed for cards from OneStopParking and Park ‘N Fly—likely due to a higher proportion of European bank-issued cards, which command premium prices in underground markets. Unlike physical retailer breaches yielding "dumps" (magnetic stripe data usable for cloned cards), this theft involved "CVVs" (online transaction data), limiting fraudulent use to digital purchases. No clear motive or technical commonality (hosting infrastructure, web technologies) linked the three targeted parking services. Book2Park’s breach exposed hundreds to thousands of customer cards, with financial institutions first detecting the compromise through card resale activity. The company’s public response focused on server remediation and regulatory reporting, though the full scope of data exfiltrated or the duration of server compromise remained undisclosed.