X

UPS Store hacked, possibly compromising user data

​The shipping store discovered malware in the computer systems of 51 US stores in 24 states. Customer credit and debit card information may have been leaked.

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.
See full bio
Dara Kerr
2 min read

screen-shot-2014-08-20-at-7-44-47-pm.png

The UPS Store is the latest retail chain to be targeted in a data breach leading to the theft of customers' credit card information.

The shipping and business services store announced Wednesday that 51 US stores in 24 states had been hacked via a malware intrusion on the store's computer systems. The breach affected about 1 percent of all UPS Stores.

The company has determined that customers who used a credit or debit card at these stores between January 20, 2014, and August 11, 2014, could have been exposed to the breach. Private customer information that may have been leaked includes names, postal addresses, email addresses, and credit and debit card data.

"I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store the trust of our customers is of utmost importance," The UPS Store president Tim Davis said in a statement. "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident."

The company became aware of the breach after the US government notified the chain it had discovered a "broad-based malware intrusion" in its system. The UPS Store hired an IT security firm to investigate further. This firm then located the malware in the 51 stores' systems.

The hack into The UPS Store comes amid an apparent uptick in security breaches at retail locations. Retail giant Target revealed in December that hackers obtained credit card data for more than 110 million customers who shopped in its stores late last year. And, over the past few months, arts and crafts retail chain Michaels Stores, department store Neiman Marcus, and restaurant chain P.F. Chang's revealed they were victims of security breaches aimed at stealing customer's credit card information.

The UPS Store said it eliminated the malware as of August 11 and has notified potentially affected customers of the breach. The company is offering identity protection and credit monitoring services to those customers.