UPS announced on Wednesday that “Customer’s information at 51 franchises in 24 states may have been exposed. the data breach was limited to about 1% of 4,470 franchised center locations throughout the United States. however data on approximately 105,000 customer transactions between January and August may have been compromised.”
UPS said a malware was responsible for this breach. The malware was able to infect their system as early as January 20, 2014. but the attack came in play after March 26th 2014.
The breach came into notice after an investigation which was setup by UPS after they received a Untied States government bulletin regarding a broad-based malware intrusion targeting retailers in the United States. The authorities had issued a high alert bulletin in the wake of breach of Target and other online retailers. The threat was eliminated as of August 11, 2014 as soon as the breach was detected.
Customer information that may have been exposed, includes customers’ names, postal addresses, email addresses and payment card information, the company said. It also said that the UPS store has not detected any fraud arising from the incident and is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the affected center locations during the period in question.
Customers are asked to closely monitor their card account activity and report any concerns to their bank or card issuer, UPS Store does not have sufficient customer information to contact potentially affected customers directly. the list of affected stores can be seen here
Last week Grocery giants Albertsons and SUPERVALU announced a data breach which had affected US Departments stores across 18 states.