Courier firm UPS warns of potential data breach

UPS has found malware at 51 franchises in 24 US states, which may have compromised customers' credit and debit card information

United Parcel Service (UPS) has found malware at 51 franchises in 24 US states, which may have compromised customers' credit and debit card information, the courier firm has said.

UPS found the malware at 1% of its US franchises, after scanning its IT systems in response to a government alert about malware not identified by current antivirus software.

As a result of the malware, UPS said information belonging to customers who used a credit or debit card at the affected locations, between 20 January 2014 and 11 August 2014, may have been exposed.

The customer information that may have been compromised included names, postal addresses, email addresses and payment card information, said UPS.

However, the company said it was not aware of any reports of fraud associated with the potential data breach.

“The malware was eliminated as of 11 August 2014 and customers can shop securely at all The UPS Store locations,” the company said in a statement.

UPS president Tim Davis said the company had “deployed extensive resources” as soon as it became aware of the malware threat, to “address and eliminate” the issue.

“Our customers can be assured we have identified and fully contained the incident," he said.

The company is offering free identity protection and credit-monitoring services to all affected customers. It also said customers should monitor their payment card accounts and report any concerns to their bank.

UPS is the latest in a string of US organisations to warn of potential data breaches, following cyber intrusions.

US hospital group Community Health Systems recently revealed that hackers had gained access to 4.5 million patient records in a cyber intrusion from April to June 2014.  

News of that breach came after retailer SuperValu warned that intruders may have accessed customer account numbers and some payment card information.

Data breaches have also been recently reported by retailers TargetNeiman Marcus, Sears and Michaels, affecting millions of US cardholders.

Read more on Privacy and data protection