Delaware River and Bay Authority has reported a possible security compromise over the summer. It involved credit and debit card data stored on certain systems at the Cape May-Lewes Ferry’s terminals and vessels.
An investigation into this incident was immediately initiated and the team, including third-party forensics experts, has been working to understand the nature and scope of the incident.
Although this investigation is ongoing, the group determined that the security of card processing systems relating to food, beverage, and retail sales at the Cape May – Lewes Ferry was compromised and some data from certain credit and debit cards that were used from September 20, 2013 to August 7, 2014 at Cape May – Lewes Ferry’s terminals and vessels may be at risk. The credit and debit card data potentially at risk includes the card number, the cardholder’s name and/or the card’s expiration date. The authority has not determined that any specific cardholder’s credit or debit card data was stolen by the intruder.
“We take the security of our customers’ personal information very seriously and work extremely hard to protect their credit and debit card data,” said Heath Gehrke, director of Ferry Operations. “Despite any company’s best efforts, intrusions can occur. With the help of professional experts, we want to understand the nature and scope of this incident so we can learn from it.”
The authority is also working with these experts to enhance the security of its credit and debit card processing systems at the Cape May-Lewes Ferry’s terminals and vessels.
Gehrke reported the food, beverage, and retail locations at the Cape May – Lewes’s terminals and vessels have been processing credit and debit card transactions securely since August 8, 2014.
Gehrke also stressed that only food, beverage, and retail sales locations were affected by the security compromise. The Cape May – Lewes Ferry reservation system, including on-line bookings and terminal point-of-sale locations, used for the purchase of vehicle or passenger tickets was not compromised.
Liability insurer for doctors announces coverage, phases out PMSLIC brand