UPS loses 105,000 US transaction details in 8-month malware breach
UPS on Wednesday announced that 105,000 US customers’ personal information, including card payment details, was stolen in a cyber breach of branches across 24 states.
UPS has launched an internal investigation into the breach
Fifty one (one per cent) of the firm’s 4,470 US business hubs were breached by the malware attack, which was undetectable to current anti-virus software programs.
Customers who used credit or debit cards at these locations between 20 January and 11 August this year, were vulnerable to the data theft which saw clients' names, postal addresses, email addresses and payment card information stolen.
UPS franchises are responsible for administering their own digital security protocols which is why only one per cent of branches were vulnerable to the attack.
The delivery firm was informed of the breach by the US government, and added that it had found no evidence that the data had been used for fraudulent purposes.
Tim Davis, president of UPS, said: “I understand this type of incident can be disruptive and cause frustration. I apologise for any anxiety this may have caused our customers. At The UPS Store the trust of our customers is of utmost importance.
“As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident.”
However, Davis issued a warning to customers: “We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports.”
This comes after the New York Times earlier this month announced that a Russian cyber-gang had stolen over 1.2bn username and password combinations from a host of companies and websites.