Printed from http://www.electronista.com

UPS Stores hit by 'malware intrusion,' customer data possibly exposed

updated 03:30 pm EDT, Thu August 21, 2014

Stores in 24 states affected by breach, spanned up to seven months in some cases

The UPS Store chain of delivery and packaging facilities has reported that a number of its stores have been the target of a "broad-based malware intrusion," adding that customer data could have been accessed. The United Parcel Service (UPS) subsidiary became aware of the breach on July 31, the same day that the Department of Homeland Security sent out notices regarding a malware called "Backoff," according to the New York Times.

After the company received the bulletin, it hired a security firm to look into its systems -- only to find that some of its 4,470 franchise locations were infected. A total of 51 stores in 24 states were hit with the malware, including Arizona, California, Colorado, Georgia and North Carolina. Digging deeper into the security breach, UPS Stores found that some of the stores saw the initial intrusion as early as January 20. While most intrusions weren't shown until March, the malware wasn't eliminated until August 11.

President of The UPS Store Tim Davis says that the company has "implemented various system enhancements and antivirus updates" since the attack was discovered. At this time, the company doesn't know of any reports of fraud as a result of the intrusion. However, the company is notifying customers that were potentially impacted by the system breach.

In the course of the breach, the chain believes that customers' information could have been exposed. This includes names, physical addresses, email address and potentially credit and debit card information. However, the company adds that not all customers may have had all of the information pieces exposed. As a result, the company is giving customers that were affected by the malware intrusion a free year of credit monitoring and identity protection through AllClearID.

"Please know we take our responsibility to protect customer information seriously, and have committed extensive resources to addressing this incident," said Davis. "We understand this type of incident can be disruptive, and apologize for any anxiety this may have caused."

A list of all of the stores affected by the breach is available at the UPS Store page. Customers that did business with any of 51 stores in the seven-month window are urged to contact the company. The company states that it doesn't have enough information to contact customers in some cases if a credit or debit card was used.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. Grendelmon

    Mac Enthusiast

    Joined: 12-26-07

    I don't understand why a major corporation would have to hire a security firm to analyze it's own systems. What exactly does their I.T. department do?

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    Contrary to popular belief, having even a "large" IT department doesn't necessarily mean you have the personnel with the necessary skills to perform competent forensic analysis of a security breach.
    One might argue it's just as specialized as network engineering, but the bottom line is that most companies don't spend the resources to maintain the skill set of a full security department, since the need is (has been) seen as rare.
    Financially, it would appear better to outsource the initial security assessment and remediation of your network security, and revisit that process regularly, than to keep a department staffed and trained for competent forensic analysis.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News