UPS Stores, a subsidiary of UPS, has discovered malware on systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States.
The UPS Store, Inc., among many other U.S. retailers, recently received a government bulletin regarding a broad-based malware intrusion not identified by current anti-virus software. Upon receiving the bulletin, The UPS Store retained an IT security firm and conducted a review of its systems and the systems of its franchised center locations.
Based on the current assessment, certain customers’ information, who used a credit or debit card at the 51 impacted franchised center locations between January 20, 2014 and August 11, 2014, may have been exposed.
For most locations, the period of exposure to this malware began after March 26, 2014. The malware was eliminated as of August 11, 2014.
“I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store the trust of our customers is of utmost importance,” said Tim Davis, President The UPS Store, Inc.
“As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident,” Davis said.
Each franchised center location is individually-owned and runs independent private networks that are not connected to other franchised center locations.
The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for each customer.
Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident. The company is providing an information website, identity protection and credit monitoring services to customers whose information may have been compromised.