Splash Car Wash is warning patrons to check their bank accounts after a security breach compromised the credit card information of up to 30,000 customers, according to company executives.
The car wash, which operates 13 locations in Connecticut and three in New York, learned of the breach late last month.
Splash founder and CEO Mark Curtis said malware was externally implanted in the company’s card readers at the end of February. He learned of the breach when American Express alerted the car wash of a problem May 16.
According to Curtis, Splash immediately removed the malware and began using bank-issued card readers.
Curtis believes the malware targeted car washes in Fairfield, Cos Cob, Shelton, Greenwich, Bridgeport and West Haven. The company also operates locations in Cheshire, Hamden, New Haven, Wilton, Norwalk, Darien and Stamford.
At least 1,400 customers have had their information compromised, but Curtis said that number is expected to grow and could reach up to 30,000.
Curtis said the information was stolen in a fraction of a second after customers swiped their credit cards and before Splash’s system could encrypt the data.
The company has sent email alerts to 120,000 customers and urges patrons to check their credit card statements and activity. In many cases, only small charges have been made and could go undetected. Curtis believes the stolen information was sent overseas.
The Secret Service is investigating along with several credit card companies.
Curtis said Splash takes security very seriously and wants customers to feel safe doing business at the car wash.