UPS Confirms Malware Breach
Nationwide parcel shipper UPS has confirmed that it found malware on payment terminals at 51 of its franchised stores and that customer names, postal addresses, email addresses and payment card information may have been stolen.
UPS did not reveal how many card records might have been compromised and said it has no reason to suspect any fraud has occurred using the stolen data.
The Atlanta-based company said that a government warning about possible malware places on retail point of sale terminals led the firm to make an initial check, which revealed the unauthorized software.
The firm reported cards used at the 51 locations between Jan. 20, 2014 and Aug. 11, 2014 may have been compromised but that the risk of exposure at most of the UPS stores increased after March 26, 2014. UPS did not say why those stores experienced additional risk after that date.
The company did not reveal the locations of the stores, but said they were found in 24 states and represented 1% of its 4,470 franchised stores.
UPS also noted that different individuals own and run each franchised center location and have independent private networks that are not connected to other franchised center locations, suggesting that this compartmentalization helped protect the company from a broader exposure.
"I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store, the trust of our customers is of utmost importance," said Tim Davis, president The UPS Store Inc., in a statement.
"As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident," he added.