Printed from http://www.electronista.com

UPS Stores hit by 'malware intrusion,' customer data possibly exposed

updated 03:30 pm EDT, Thu August 21, 2014

Stores in 24 states affected by breach, spanned up to seven months in some cases

The UPS Store chain of delivery and packaging facilities has reported that a number of its stores have been the target of a "broad-based malware intrusion," adding that customer data could have been accessed. The United Parcel Service (UPS) subsidiary became aware of the breach on July 31, the same day that the Department of Homeland Security sent out notices regarding a malware called "Backoff," according to the New York Times.

After the company received the bulletin, it hired a security firm to look into its systems -- only to find that some of its 4,470 franchise locations were infected. A total of 51 stores in 24 states were hit with the malware, including Arizona, California, Colorado, Georgia and North Carolina. Digging deeper into the security breach, UPS Stores found that some of the stores saw the initial intrusion as early as January 20. While most intrusions weren't shown until March, the malware wasn't eliminated until August 11.

President of The UPS Store Tim Davis says that the company has "implemented various system enhancements and antivirus updates" since the attack was discovered. At this time, the company doesn't know of any reports of fraud as a result of the intrusion. However, the company is notifying customers that were potentially impacted by the system breach.

In the course of the breach, the chain believes that customers' information could have been exposed. This includes names, physical addresses, email address and potentially credit and debit card information. However, the company adds that not all customers may have had all of the information pieces exposed. As a result, the company is giving customers that were affected by the malware intrusion a free year of credit monitoring and identity protection through AllClearID.

"Please know we take our responsibility to protect customer information seriously, and have committed extensive resources to addressing this incident," said Davis. "We understand this type of incident can be disruptive, and apologize for any anxiety this may have caused."

A list of all of the stores affected by the breach is available at the UPS Store page. Customers that did business with any of 51 stores in the seven-month window are urged to contact the company. The company states that it doesn't have enough information to contact customers in some cases if a credit or debit card was used.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. Grendelmon

    Dedicated MacNNer

    Joined: 12-26-07

    I don't understand why a major corporation would have to hire a security firm to analyze it's own systems. What exactly does their I.T. department do?

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    Contrary to popular belief, having even a "large" IT department doesn't necessarily mean you have the personnel with the necessary skills to perform competent forensic analysis of a security breach.
    One might argue it's just as specialized as network engineering, but the bottom line is that most companies don't spend the resources to maintain the skill set of a full security department, since the need is (has been) seen as rare.
    Financially, it would appear better to outsource the initial security assessment and remediation of your network security, and revisit that process regularly, than to keep a department staffed and trained for competent forensic analysis.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

Blue's Mikey Digital

Blue Microphones, a company that makes some of the most popular digital USB microphones among podcasters and musicians, has for some t ...

Sponsor

toggle

Most Commented

 
toggle

Popular News