Hospitals, retail stores, schools, and now parking garages: no business or organization seems to be immune to the effects of hacking. Annapolis, Maryland, residents are now learning about the extent of a recent data breach that seems to have affected three of the city’s parking garages, stealing customer credit card information.

SP+ Municipal Services’ servers were found to be infected with malware earlier in June, and the company immediately switched to cash-only payments for three locations, the Noah Hillman, Gott’s Court and Knighton Garages. In keeping with regulations, the company informed the Maryland Attorney General’s office, then began the process of informing consumers who may have been affected by the breach.

While it might seem like a case of “another day, another data breach,” this incident actually speaks to the progress that agencies have made in spreading the word about hacking, data breaches, and identity theft. An incident like this one once took months of investigation before it was even fully discovered, and then even longer before word finally reached consumers. While the time frame for the breach to impact consumers is believed to span all the way back to December 2015, the suspicious activity was discovered on the servers on June 11th; cardholders were notified ten days later, after the necessary reports to the state government were made.

Any time that news of a data breach makes headlines, it’s a good time to understand what to do when you’re notified of the incident. If you receive a data breach notification letter, make sure you look over it very carefully in order to understand what information was stolen. In this case, only credit card information (numbers, cardholders’ names, and security codes from the back of the card) seems to have been stolen; banks will issue new cards and the cardholders will update their other accounts. But if your personal identifiable information like Social Security numbers and birthdates is stolen, you’ll need to monitor your credit reports for other suspicious activity. In any case, save the copy of your notification letter as proof that your information was accessed in a data breach in case you need to prove that later on.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.