Parking service provider SP Plus says its equipment at Evanston’s three downtown municipal parking garages was hacked to steal credit card data from drivers.

In a statement issued today, SP Plus says that the three Evanston garages, along with 10 more in Chicago and four in other cities, were affected by the security breach.

It says its payment card vendor notified it early this month that an unauthorized person had used that company’s remote access tool to connect to computers that process payment cards in the garages and install malware on the systems to steal the card data.

The company says the security breach at the Evanston garages started on Oct. 8 and that the last at-risk dates were Oct. 26 at the Church Street Garage, Nov. 1 at the Sherman Plaza Garage and Nov. 10 at the Maple Avenue garage.

SP Plus says customers who used a card at any of those locations during the at-risk period should review account statements regularly for unauthorized activity and, if they find any, contact the bank that issued the card.

It says the malware has been disabled on the affected computer servers and that SP Plus has required its vendor to convert to the use of two-factor authentication for remote access and is working with its computer security firm to implement additional security measures.

Customers with questions can call SP Plus at 877-717-0004 Monday through Friday from 7 a.m. to 7 p.m.

Bill Smith is the editor and publisher of Evanston Now.

Join the Conversation


  1. A month! Really?

    Bill – The article states that SP Plus has known about this muck-up since early November. Why has it taken them so long to let the public know about it? When did COE know? Wouldn't/shouldn't they have offered some suggestions/advice/precautionary information as soon as they were aware of it?

    I get that this seems to be a new risk factor we have encountered in the age of card readers. But what is best practice for how soon a responsible party(s) should be notifying those at risk? Perhaps I'm wrong but this seems excessive. 

  2. Monthly Pass
    Does anyone know if this affects people with automatic payments for monthly passes? I’ll be contacting them on Monday, but just curious in case someone already knows. The language in the article suggests just on-site, but one never knows.

Leave a comment
The goal of our comment policy is to make the comments section a vibrant yet civil space. Treat each other with respect — even the people you disagree with. Whenever possible, provide links to credible documentary evidence to back up your factual claims.

Your email address will not be published.