State park visitors may be exposed to credit card breach

Posted March 24, 2011, at 2:13 p.m.
Last modified March 24, 2011, at 5:27 p.m.

PORTLAND, Maine — A security breach may have exposed credit card information from people who bought Maine state park passes through an online vendor used by the state Conservation Department, and the potential breach could be much larger and involve consumers in other states, Maine officials said Thursday.

The company that handled the online park pass purchases warned that a malware attack potentially exposed credit cards used in transactions last year from March 21 to Dec. 22, said conservation spokeswoman Jeanne Curran. State officials learned of the problem last month.

Notices were sent to 970 credit card holders in Maine, and no one to date has reported any fraudulent charges, Curran said.

Maine officials sought to reassure residents that the problem was limited to park passes and did not affect any other state computer operations.

“The message that I’d like to get across is that Maine.gov is secure,” said Secretary of State Charlie Summers, who serves as chairman of the board that oversees Maine.gov, the state’s official website. “Maine.gov was not breached.”

The online park pass transactions were handled by InfoSpherix, a Maryland company and subsidiary of San Diego-based Active Network. A spokeswoman had no immediate comment.

The scope of the security breach was unclear Thursday. Active Network manages online registration, payment processing, donations and transactions for businesses and organizations nationwide.

The company told Maine officials that the problem could go far beyond the state because hackers managed to breach several servers containing credit card numbers and expiration dates, said Assistant Attorney General Thom Harnett. Names associated with those cards were kept on another server, he said.

As a precaution, the Maine Attorney General’s Office alerted attorneys general in other states.

Maine officials said the number of credit cards that may have been exposed was around 1,000. State law required that notifications be mailed to card holders in Maine, and they were advised to report any suspicious activity.

 

 

SEE COMMENTS →

ADVERTISEMENT | Grow your business
ADVERTISEMENT | Grow your business

Similar Articles

More in State