The shipping company UPS announced this week that hackers infiltrated its system and could have compromised the credit card information of customers at more than 50 of its stores.
According to UPS Inc.’s news release, customers who used their credit or debit card at 51 UPS locations in 24 states, which accounts for about 1 percent of its stores, from January 20 through early August could have private information exposed. The malware causing the issue was taken off the systems by August 11 and UPS assured customers that they can now “shop securely.”
“I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store the trust of our customers is of utmost importance,” President Tim Davis said in a statement. “As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident.”
Information that could have been exposed included names, postal and email addresses, and payment information. UPS stated that not all of this information was necessarily exposed for each customer who shopped at these stores.
Thus far, no fraud has been reported from the exposure, according to UPS. Even still, the company is providing identity protection and other monitoring for customers who might have been affected.
“We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports,” Davis said in a letter to customers. “If you believe your credit or debit card was impacted by this incident, you should immediately contact your payment card issuer or bank.”
Watch KOLO-TV’s report about the breach:
The New York Times pointed out that the malware affecting UPS is similar to that compromising systems at other stores like Target, Michaels and Neiman Marcus:
In each case, criminals scanned for tools that typically allow employees and vendors to work remotely, then broke into them and used their foothold to install malware on retailers’ systems. That malware, in turn, fed customers’ payment details back to the hackers’ computer servers.
The same group of criminals in Eastern Europe is believed to be behind the earlier attacks, according to several people briefed on the results of forensics investigations who were not allowed to speak publicly because of nondisclosure agreements.
UPS Store locations that experienced compromised systems can be found here.