Data Breach at Splash Car Wash

By Leslie Yager

An email that went to Splash Car Wash patrons from Mark Curtis, Founder and CEO of Splash Car Wash, apologized for a data security breach that resulted in the compromise of their credit card information.

Curtis described the breach as “not unlike the data security breaches that have afflicted many in our industry and a large number of retailers across the world.”

According to Curtis the breach occurred between Feb 28 and May 16, 2014 and has impacted approximately 1,400 of Splash’s 400,000 patrons at six locations in Connecticut, limited to Fairfield, Cos Cob, Shelton, Greenwich, Bridgeport and West Haven.

Curtis urged customers to check their credit card accounts for fraudulent activity. On Splash’s part, Curtis said that once his company became aware of the problem they engaged a third-party forensic investigation and sought guidance from banking institutions. Since the breach, the company replaced its credit card systems with card readers “verified as safe and provided by banking institutions.”

The data of customers with unlimited plans was not affected by the breach according to Curtis, because that data was encrypted.

Splash is working with the US Secret Service and local law enforcement as part of a larger ongoing federal investigation to determine the criminal(s) who installed malware to gain unauthorized outside access to credit card information.

Customers with questions were offered a toll-free number (800) 927-4489.