A data security incident with an online vendor that manages the Ohio State Parks reservation system may have exposed consumer credit card information. However, a forensic investigation indicated that the information necessary for identity theft was not part of the data security incident, according to the Ohio Department of Natural Resources (ODNR).
The Ohio State Parks online reservation system is owned and operated by InfoSpherix, a Maryland-based company. The company experienced a malware attack, which exposed database information used in transactions from March 21 to December 22, 2010.
“ODNR takes consumer protection seriously and is confident that Ohio State Parks reservation users are protected from identity theft,” said Chief David Payne, Ohio State Parks.
“All impacted credit card companies have been notified and they have confirmed that they are carefully and continuously monitoring every credit card number for potential fraud. To date, we have received no reports of fraudulent activity."