Car Wash Data Breach Could Impact Thousands

Malware apparently was installed on credit card readers at six Splash Car Wash locations in Connecticut.

Photo: Splash Car Wash.
Photo: Splash Car Wash.

The data breach at area Splash Car Washes could affect thousands of customers, according to a company official.

Splash founder and CEO Mark Curtis said in a statement "we discovered there was a confirmed external breach and we quickly eliminated the malware causing the compromise" that apparently took place during a three-month period between February and May.

Curtis told NBC Connecticut that he that about 1,400 customers have been affected by the malware issue and that he expects that number could reach 30,000.

The breach occurred from Feb. 28 to May 16, 2014 and has impacted approximately 1,400 of Splash Car Wash’s nearly 400,000 patrons so far, Curtis said in a statement posted on the Splash Car Wash website. "As a matter of personal security and practice, we encourage all patrons to be diligent in monitoring credit card and financial accounts for suspicious or fraudulent activity."

Curtis said he believes the malware targeted car washes in Cos Cob, Fairfield, Shelton, Greenwich, Bridgeport and West Haven. The company also has locations in Cheshire, Darien, Hamden, New Haven, Norwalk, Shelton, Stamford and Wilton, and three in New York — Brewster, Chappaqua and White Plains.

In his statement, Curtis said the data breach was discovered in mid-May "that resulted in the compromise of a portion of our patron’s credit card information only. Once we learned of the compromise, our team immediately communicated with banking institutions and federal investigators, in addition to conducting our own comprehensive investigation. Ultimately, we discovered there was a confirmed external breach and we quickly eliminated the malware causing the compromise."

According to Curtis, Splash hired a forensic investigator and have replaced credit card readers with equipment from banking institutions. The company also is cooperating with the U.S. Secret Service and local law enforcement as part of a larger ongoing federal investigation.

Curtis added, that customers who have unlimited plans with Splash were not affected by the breach, because all unlimited data is encrypted.

The company also has set up a toll-free information line designated specifically to assist customers with the data breach. It is 1-800-927-4489.

Igor June 27, 2014 at 07:55 AM
If it happened in mid May why has it taken over a month to tell people. Once again will anyone be held accountable?


More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »