Hackers have stolen the credit and debit card data for customers at 51 UPS Store franchises in 24 states across the U.S.
A spokeswoman for the UPS told USA Today that “names, card numbers and postal and email addresses from about 100,000 transactions between Jan. 20 and Aug. 11” were exposed by malware that went undetected by the company’s defenses and anti-virus software.
About 1 percent of UPS Stores in the U.S. were affected by the security breach. The company first learned about the problem after government investigators informed them of a “broad-based malware intrusion” in its system.
The attack on UPS Stores shares much in common with recent cyberattacks on American retailers that include Target, P.F. Changs, and Albertsons grocery stores. In each of these breaches, attackers exploited holes in systems meant to allow remote work and then stole customer data for themselves.
The New York Times points to a group of Eastern European cybercriminals suspected in a wide variety of attacks on large American retailers.
“I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store the trust of our customers is of utmost importance,” UPS Store President Tim Davis said in a statement. “As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident.”
The company is offering a year of identity protection and credit monitoring for free to any customer who shopped at affected stores.
Photo via Michael Rivera (CC SA 3.0)