UPS data breach


UPS Stores, a sub­sidiary of United Par­cel Ser­vice, said that a se­cu­rity breach may have led to the theft of cus­tomer credit and debit data at 51 UPS fran­chises in the United States re­cently. Chelsea Lee, a UPS spokes­woman, said the company be­gan in­ves­ti­gat­ing its sys­tems for in­di­ca­tions of a se­cu­rity breach on July 31, the day The New York Times re­ported that the Depart­ment of Home­land Se­cu­rity and the Se­cret Ser­vice would be is­su­ing a bulletin warn­ing re­tail­ers that hack­ers had been scan­ning net­works for re­mote ac­cess ca­pa­bil­i­ties, then in­stalling the so-called mal­ware that was un­de­tectable by an­tivirus prod­ucts.

UPS hired an in­for­ma­tion se­cu­rity firm and dis­cov­ered that the mal­ware was on its in-store cash reg­is­ter sys­tems at 51 of its lo­ca­tions in 24 states, roughly 1 per cent of UPS’s 4,470 fran­chises through­out the United States.

In a state­ment, the company said that cus­tomers who had used their debit or credit cards at af­fected lo­ca­tions, which are listed on the UPS web­site, from Jan­uary 20 to Au­gust 11, 2014 may have been ex­posed to the mal­ware, though it said ex­po­sure be­gan after March 26 in most cases. UPS said it had elim­i­nated the mal­ware as of Au­gust 11.

“I un­der­stand this type of in­ci­dent can be dis­rup­tive and cause frus­tra­tion. I apol­o­gise for any anx­i­ety this may have caused our cus­tomers. At the UPS Store, the trust of our cus­tomers is of ut­most im­por­tance,” said Tim Davis, Pres­i­dent of the UPS Store, in a state­ment. “As soon as we be­came aware of the po­ten­tial mal­ware in­tru­sion, we de­ployed ex­ten­sive re­sources to quickly ad­dress and elim­i­nate this is­sue.”

The breach at the UPS Store is just the lat­est in a string of sim­i­lar cy­ber at­tacks on the in-store pay­ment sys­tems at ma­jor Amer­i­can cor­po­ra­tions, in­clud­ing Tar­get, P.F. Chang’s, Neiman Mar­cus, Michaels, Sally Beauty, and, most re­cently, the Su­per­valu and Al­bert­sons gro­cery stores.

In each case, crim­i­nals scanned for tools that typ­i­cally al­low em­ploy­ees and ven­dors to work re­motely, then broke into them and used their foothold to in­stall mal­ware on re­tail­ers’ sys­tems. That mal­ware, in turn, fed cus­tomers’ pay­ment de­tails back to the hack­ers’ com­puter servers.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.