UPS Stores Acknowledge Customer Data Breach
The UPS Store acknowledged that an internal assessment revealed malware was present on computer systems in 51 of its stores. The threat has been eliminated as of Aug. 11, and no fraud has been reported.
After a government bulletin alerted the store to a malware intrusion that targeted U.S. retailers, The UPS Store immediately launched an internal review, added system enhancements and hired an IT security firm, which helped it to detect that out of its 4,470 stores, 51 across 24 states were affected.
The malware was limited to about 1 percent of its stores. Since each store is a franchise and has an independent private network, The UPS Store is certain the malware was isolated to 51 stores. The earliest date of an intrusion is Jan. 20, but the exposure to the malware in most stores seems to be after March 26.
"Your trust is important to us," Tim Davis, The UPS Store's president, said in a letter to customers. "Based on the investigation, we feel it is critical to notify our customers of the potential data compromise. We are offering identity protection and credit monitoring services to those customers who made a purchase at one of the impacted locations during the applicable time period.
"Please know we take our responsibility to protect customer information seriously and have committed extensive resources to addressing this incident," he added. "We understand this type of incident can be disruptive and apologize for any anxiety this may have caused."
The UPS Store indicates customer information, such as names, postal addresses, email addresses and payment card information, may have been exposed. Anywhere from one to four stores in the following states were affected: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Louisiana, Maryland, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Tennessee, Texas, Virginia, Washington. To see the full list of affected stores and the estimated date of malware intrusion, visit http://www.theupsstore.com/security.
In addition to The UPS Store, other large companies have recently had their networks compromised, according to CNN Money.
"Just last week, Albertson's and SuperValu announced that hackers broke into their credit and debit card payment networks," said CNN Money. "Target has been hit, along with Adobe, Snapchat, Michaels, Neiman Marcus, AOL and eBay.
"All in all, a CNNMoney analysis found that half of all American adults were hacked in a recent 12-month period."
If you believe you may have used a credit or debit card at an affected store, call 1-855-731-6016 or visit theupsstore.allclearid.com to see if you're eligible for The UPS Store's offer of one year of free identity protection and credit monitoring.
For more information, visit www.theupsstore.com.