UPS Stores Acknowledge Customer Data Breach

The UPS Store acknowledged that an internal assessment revealed malware was present on computer systems in 51 of its stores. The threat has been eliminated as of Aug. 11, and no fraud has been reported.

After a government bulletin alerted the store to a malware intrusion that targeted U.S. retailers, The UPS Store immediately launched an internal review, added system enhancements and hired an IT security firm, which helped it to detect that out of its 4,470 stores, 51 across 24 states were affected.

The malware was limited to about 1 percent of its stores. Since each store is a franchise and has an independent private network, The UPS Store is certain the malware was isolated to 51 stores. The earliest date of an intrusion is Jan. 20, but the exposure to the malware in most stores seems to be after March 26.

"Your trust is important to us," Tim Davis, The UPS Store's president, said in a letter to customers. "Based on the investigation, we feel it is critical to notify our customers of the potential data compromise. We are offering identity protection and credit monitoring services to those customers who made a purchase at one of the impacted locations during the applicable time period.

"Please know we take our responsibility to protect customer information seriously and have committed extensive resources to addressing this incident," he added. "We understand this type of incident can be disruptive and apologize for any anxiety this may have caused."

The UPS Store indicates customer information, such as names, postal addresses, email addresses and payment card information, may have been exposed. Anywhere from one to four stores in the following states were affected: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Louisiana, Maryland, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Tennessee, Texas, Virginia, Washington. To see the full list of affected stores and the estimated date of malware intrusion, visit http://www.theupsstore.com/security.