Business & Tech

Car Wash Data Breach Could Impact Thousands

Malware apparently was installed on credit card readers at six Splash Car Wash locations in Connecticut.


The data breach at area Splash Car Washes could affect thousands of customers, according to a company official.

Splash founder and CEO Mark Curtis said in a statement "we discovered there was a confirmed external breach and we quickly eliminated the malware causing the compromise" that apparently took place during a three-month period between February and May.

Curtis told NBC Connecticut that he that about 1,400 customers have been affected by the malware issue and that he expects that number could reach 30,000.

Interested in local real estate?Subscribe to Patch's new newsletter to be the first to know about open houses, new listings and more.

The breach occurred from Feb. 28 to May 16, 2014 and has impacted approximately 1,400 of Splash Car Wash’s nearly 400,000 patrons so far, Curtis said in a statement posted on the Splash Car Wash website. "As a matter of personal security and practice, we encourage all patrons to be diligent in monitoring credit card and financial accounts for suspicious or fraudulent activity."

Curtis said he believes the malware targeted car washes in Cos Cob, Fairfield, Shelton, Greenwich, Bridgeport and West Haven. The company also has locations in Cheshire, Darien, Hamden, New Haven, Norwalk, Shelton, Stamford and Wilton, and three in New York — Brewster, Chappaqua and White Plains.

Interested in local real estate?Subscribe to Patch's new newsletter to be the first to know about open houses, new listings and more.

In his statement, Curtis said the data breach was discovered in mid-May "that resulted in the compromise of a portion of our patron’s credit card information only. Once we learned of the compromise, our team immediately communicated with banking institutions and federal investigators, in addition to conducting our own comprehensive investigation. Ultimately, we discovered there was a confirmed external breach and we quickly eliminated the malware causing the compromise."

According to Curtis, Splash hired a forensic investigator and have replaced credit card readers with equipment from banking institutions. The company also is cooperating with the U.S. Secret Service and local law enforcement as part of a larger ongoing federal investigation.

Curtis added, that customers who have unlimited plans with Splash were not affected by the breach, because all unlimited data is encrypted.

The company also has set up a toll-free information line designated specifically to assist customers with the data breach. It is 1-800-927-4489.


Get more local news delivered straight to your inbox. Sign up for free Patch newsletters and alerts.

We’ve removed the ability to reply as we work to make improvements. Learn more here