Up to 30,000 potentially impacted in car wash chain breach

by Charles Leaver

July 1, 2014

access_time 3 min read

Car washes may clean your cars, but when it comes to keeping your data safe, things get a little messy. Connecticut-based car wash Splash is having to learn the hard way that it's not only financial organizations and big retailers that fall victim to malicious intrusions.

A breach results in thousands of records compromised
According to NBC Connecticut, the breach occurred at the end of February 2014 after the business' payment readers were infected with malware. As a result of this point of sale attack, up to 30,000 customers could have had their personal information - including payment information - swiped.

According to The Courant, the breach has directly impacted six of the company's 13 Connecticut locations. The company put out a letter warning customers of the breach, with CEO Mark Curtis saying his business has taken measures to ensure something like this doesn't happen in the future.

"We took immediate measures to rectify [the breach]," Curtis said in the statement. "Hopefully people will come to see us and not worry about further breaches."

At least for the moment, people aren't likely to forget the incident, since, like so many breaches of its kind, it's making national headlines. In addition to providing compensatory services for everyone affected by the incident, the company will likely have to work on restoring its reputation in the public eye.

This entire situation could likely have been avoided or at least substantially minimized with better endpoint threat detection and response measures. For other businesses out there, the example of Splash Car Wash should be an important teachable moment in the value of rigorous security no matter what kind of business you do. When it comes to protecting customer data, there is no such thing as being overprepared.