UPS Hit by Data Breach Company Doesn't Know How Many Customers Were Affected, Only the Number of Transactions. Wall Street Journal By Laura Stevens

Aug 25, 2014

United Parcel Service said 51, or about 1%, of its UPS Stores were recently affected by a data breach.

Bloomberg News

United Parcel Service Inc. UPS said Wednesday that a data breach at 51 of its UPS Stores may have compromised data on approximately 105,000 customer transactions between January and August.

Customers won't receive individual notification letters because the company doesn't have all cardholder data, a UPS spokesman said. Customers will need to check the UPS Store Inc.'s website to see if they have shopped at a store that might have been affected. The company said it doesn't know how many customers might have been affected—only the number of transactions.

The data breach was limited to the affected stores—about 1% of its more than 4,400 UPS Stores—which run on independent private networks, UPS said. The data breach affected stores in 24 states, including California, Florida, Texas and New York. Other parts of the UPS network weren't affected.

UPS described the breach as being related to malicious software that may have resulted in stolen customer information, including names, postal addresses, email addresses and credit- or debit-card data.

The stores, which are individually owned as franchises, eliminated the malware on Aug. 11, and UPS says it has no evidence of fraud as a result of the breach.

"As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident," said Tim Davis, president of the UPS Store subsidiary.

UPS has set up an information website and will offer identity- protection and credit-monitoring services to any customers who may be affected. The data breach is the latest in a string of intrusions at retailers such as Target Corp. TGT -0.11% , Neiman Marcus Group and grocery chain Supervalu Inc., SVU -1.22% and restaurant chain P.F. Chang's China Bistro Inc. Typically, a malicious software attacks the point-of-sale, capturing data when a card is swiped for payment. The attack on Target compromised tens of millions of credit and debit accounts over the holidays last year.

The rise in data breaches has intensified pressure on banks and retailers to introduce a new generation of credit cards embedded with microchips, which are designed to be more secure. Already widely in use in Europe and other parts of the world, chip cards scramble the data as a transaction occurs.

UPS said it recently received a notification from the government alerting it to the malware, which it said wasn't detectable by then-current antivirus software. UPS then hired a security firm to review its systems, prompting the discovery.

Write to Laura Stevens at

May 05.14 | Target CEO Departs in Wake of Data Breach Source: Brian Prince Contributing Writer, Dark Reading

read more

Jun 10.13 | Canada Eavesdropping on Phone, Internet Records Too: Source: Globe and Mail

read more

Jan 18.13 | Java Security Warnings: Cut Through The Confusion by Mathew J. Schwartz

read more

May 29.12 | Researchers identify Stuxnet-like malware called 'Flame' By Lucian Constantin

read more

May 18.12 | Even a minor lapse in security protocol can lead to major costs Posted by: Karen Goulart

read more

Apr 03.12 | Global Payments hopes to soon regain PCI compliance after breach

Global Payments hopes to soon regain PCI compliance after breach
read more

Oct 11.11 | Businesses failing to comply with PCI DSS security standards: Verizon and Banktech India News Network, 9/29/2011 10:55:29 AM

Too many businesses are struggling to comply with payment card security standards, putting consumers’ confidential information at risk, according to a report by IT services and solutions provider Verizon. Te report for a second year in a row found compliance lacking on the payment card security front. read more

May 03.11 | Sony data breach update reveals 'bad practices' By Emily Chung, CBC News

The data breach affecting Sony Online Entertainment's 24.6 million accounts is linked to a previously announced cyberattack on Sony's PlayStation Network and Qriocity entertainment service, which affected the personal information of more than 77 million users. Thomas Peter/Reuters read more

Mar 11.11 | Assume you’re always under attack’: experts By: Liam Lahey On: 11 Mar 2011 For: ComputerWorld Canada

Enterprises must make a conscious decision about what information we’re prepared to lose, said an exec with security vendor Symantec. Why companies are missing the mark with security risk management read more