The number of businesses hit by a data breach climbs at an unsettling rate everyday, too continue on that list is the United Parcel Service (UPS) which just announced 51 of its stores suffered a “broad-based malware intrusion” attack in the early spring.
The company disclosed the breach Wednesday in their press release, noting it affected franchised locations of The UPS store as well.
UPS said their company recently received a government bulletin regarding malware “not identified by current antivirus software”, which seems quite obvious, and retained an IT security firm to audit their systems. The statement redacted the name of the malware that was found to be in their system and the UPS stated this could impact any of their customers who used their credit or debit card over the time of the five month security breach.
As common with other credit and debit card data breaches, users payment card numbers, email addresses, and even postal addresses and names may have been stolen in this breach.
“I understand this type of incident can be disruptive and cause frustration,” Tim Davis, President of the UPS, said Wednesday, “I apologize for any anxiety this may have caused our customers.”
The breach was reported to have occurred for over five months ranging from January 20, stretching to August 11, but UPS notes that for a majority of locations, the malware did not take affect till after March 26.
“The malware was eliminated as of August 11, 2014 and customers can shop securely at all The UPS Store locations,” the announcement continues on.
The breach spans across 24 different states and only accounts for about one percent of the UPS 4,470 franchised locations in total. Some locations affected in the breach include California, Georgia, Nevada, New Jersey and North Carolina. UPS published a full list of affected locations alongside the timeframe the were also breached.
UPS has stated they have not seen any abuse nor fraud come from affected customers in the incident thus far, but are offering complimentary credit monitoring and identity protection, which appears to be standard when large corporations are breached
UPS did not release many details on how the company was breached or how the attack was executed, but can be assumed it was a form of point-of-sale (PoS) malware, which are the exact attacks that hit Target, Albertsons and Supervalu, Neiman Marcus, P.F. Changs, and a number of others.
Researchers continuously push for corporations to push better intrusion detection systems, and protection that works in real time and can detect irregular technologies on their network. It appears the list continues to grow just one week later after the large supermarket data breach.