United Parcel Service (UPS) has found malware at 51 franchises in 24 US states, which may have compromised customers'...
credit and debit card information, the courier firm has said.
UPS found the malware at 1% of its US franchises, after scanning its IT systems in response to a government alert about malware not identified by current antivirus software.
As a result of the malware, UPS said information belonging to customers who used a credit or debit card at the affected locations, between 20 January 2014 and 11 August 2014, may have been exposed.
However, the company said it was not aware of any reports of fraud associated with the potential data breach.
More on data breaches
- Most cyber attacks use only three methods, Verizon breach report shows
- Target CEO quits after data breach
- Sears confirms data breach investigation amid retailer data breaches
- Orange data breach underlines need for encryption, say experts
- Target data breach: Why UK business needs to pay attention
- Bitly urges users to secure accounts after security breach
- Target’s CIO resigns after massive data breach
“The malware was eliminated as of 11 August 2014 and customers can shop securely at all The UPS Store locations,” the company said in a statement.
UPS president Tim Davis said the company had “deployed extensive resources” as soon as it became aware of the malware threat, to “address and eliminate” the issue.
“Our customers can be assured we have identified and fully contained the incident," he said.
The company is offering free identity protection and credit-monitoring services to all affected customers. It also said customers should monitor their payment card accounts and report any concerns to their bank.
UPS is the latest in a string of US organisations to warn of potential data breaches, following cyber intrusions.
US hospital group Community Health Systems recently revealed that hackers had gained access to 4.5 million patient records in a cyber intrusion from April to June 2014.
News of that breach came after retailer SuperValu warned that intruders may have accessed customer account numbers and some payment card information.