UPS Data Breach at 51 of its 4,400 Stores May Have Compromised 105,000 Customer Transactions
Notice that we said 105,000 customer transactions and not 105,000 customers? Well, that’s because while UPS knew the number of transactions, it had no idea how many customers were involved. The reason for that was the company didn’t have all cardholder data, a hassle for UPS customers who have been forced to check the UPS Store Inc.’s website to see if they shopped at an “infected” outlet. Stolen was information that included names, postal addresses, email addresses and credit- or debit-card data.
In her article on online.wsj.com (link to article), Laura Stevens says that the data breach hit UPS stores between January and August in 24 states including California, Florida, Texas and New York. The affected stores were all individually owned franchises using independent private networks.
UPS said the breach had been fixed and there was no evidence of fraud as a result of it. And, the company has set up an information website and will offer identity-protection and credit-monitoring services to any customers who have been affected.
Stevens observed that “UPS said it recently received a notification from the government alerting it to the malware, which it said wasn’t detectable by then-current antivirus software. UPS then hired a security firm to review its systems, prompting the discovery.”