UPS becomes latest data breach victim

UPS becomes latest data breach victim

Package delivery giant UPS has become the latest company to admit that customer payment card details may be at risk after it discovered malware at 51 of its US stores.

In a statement, UPS says that customers who used credit and debit cards at 51 of its 4470 franchised sites between 20 January and 11 August are at risk.

Names, postal and email addresses and payment card information may all be compromised but UPS says that it has no evidence of any fraud and that the malware has now been eliminated.

The danger was not picked up anti-virus software and UPS says that it was made aware of the problem when it recently - "among many other US retailers " - received a bulletin from the government.

Earlier this month the US government took the step of putting out an alert warning retailers about a new family of malware, dubbed Backoff, targeting point-of-sale systems.

Tim Davis, president The UPS Store, says: "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident."

US merchants have found themselves under siege from hackers in recent months, with the most notable case seeing thieves use a vendor's credentials to infect POS devices with malware and steal the details of around 40 million Target customer cards.

Comments: (1)

A Finextra member
A Finextra member 22 August, 2014, 06:54Be the first to give this comment the thumbs up 0 likes

The Flaw in POS terminal security has been solved. Really...

It would probably be considered in poor taste to repeat what was said in an earlier blog, on the same subject, but with a different victim - Supervalu.

To keep a sense of propriety, here's a link to the blog: