UPS Confirms Data Breach

• By Matt Holden
• Aug 22, 2014

UPS has confirmed that it found malware on payment terminals in 51 of its franchised stores and that customer names, postal addresses, email addresses and payment card information may have been stolen. The nationwide parcel shipper did not reveal how many card records might have been compromised and said it has no reason to suspect any fraud has happened using the stolen information.

A government warning about possible malware places on retail point of sale terminals led the firm to make an initial check, which revealed the unauthorized software. According to one story, the firm reported cards used at the 51 locations between Jan. 20, 2014 and Aug. 11, 2014 may have been compromised but that the risk of exposure at most of the UPS stores increased after March 26, 2014. UPS did not say why those stores experienced additional risk after that date.

24 states are included in the breach, and the number of stores represents 1% of its 4,470 franchised stores.

“As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident,” said Tim Davis, president of The UPS Store Inc., in a statement.