Courier firm UPS warns of potential data breach

United Parcel Service (UPS) has found malware at 51 franchises in 24 US states, which may have compromised customers' credit and debit card information, the courier firm has said.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

UPS found the malware at 1% of its US franchises, after scanning its IT systems in response to a government alert about malware not identified by current antivirus software.

As a result of the malware, UPS said information belonging to customers who used a credit or debit card at the affected locations, between 20 January 2014 and 11 August 2014, may have been exposed.

The customer information that may have been compromised included names, postal addresses, email addresses and payment card information, said UPS.

However, the company said it was not aware of any reports of fraud associated with the potential data breach.

“The malware was eliminated as of 11 August 2014 and customers can shop securely at all The UPS Store locations,” the company said in a statement.

UPS president Tim Davis said the company had “deployed extensive resources” as soon as it became aware of the malware threat, to “address and eliminate” the issue.

“Our customers can be assured we have identified and fully contained the incident," he said.

The company is offering free identity protection and credit-monitoring services to all affected customers. It also said customers should monitor their payment card accounts and report any concerns to their bank.

UPS is the latest in a string of US organisations to warn of potential data breaches, following cyber intrusions.

US hospital group Community Health Systems recently revealed that hackers had gained access to 4.5 million patient records in a cyber intrusion from April to June 2014.  

News of that breach came after retailer SuperValu warned that intruders may have accessed customer account numbers and some payment card information.

Data breaches have also been recently reported by retailers Target, Neiman Marcus, Sears and Michaels, affecting millions of US cardholders.