The shipping giant United Parcel Service (UPS) says that customer names, credit and debit card numbers, email addresses and physical addresses may have been accessed by hackers using a computer virus. UPS made the announcement on August 20, saying that investigators found malware on 51 stores across two dozen states, amounting to about 1 percent of all locations.
The company says it does not know for sure how many customers were affected, but an estimated 105,000 individual transactions between January 20 and August 11 appear to have been compromised. Some locations were reportedly exposed to potential fraudsters for as long as eight months.
As a result, thousands of consumers are now at serious risk of credit fraud and/or identity theft. Cyber criminals could use data taken in the security breach to open credit lines and apply for loans in customers' names. The company says that it is not yet aware of any confirmed instances of fraud related to the data breach.
A spokesperson says that the affected locations are franchises and therefore were not connected to each other via an electronic network. Company officials do not yet know how cyber criminals were able to access the stores' internal systems. The spokesperson added that the malware was removed by August 11 and that UPS has taken extra steps to strengthen digital security measures at the stores that were not targeted.
“As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue," UPS store subsidiary president Tim Davis tells The Wall Street Journal. "Our customers can be assured that we have identified and fully contained the incident,”
UPS is far from the only major corporation to experience a large-scale data breach in recent months. We've previously discussed on this blog how major retailers and restaurants like Target, Neiman Marcus, Goodwill and P.F. Chang's have lost information belonging to millions of customers in similar breaches.
Just a week before the UPS announcement, supermarket chain Supervalu revealed that as many as 200 of its grocery and liquor stores may have lost consumer data. Most recently hospital operator Community Health Services revealed that hackers had stolen the names, social security numbers and addresses of 4.5 million patients around the country.
If you have reason to believe that your personal information may have been accessed by identity thieves in a particular data breach, then you should immediately take proactive steps to guard your privacy.
Incredibly a recent CNN Money study found that at least half of all American adults were hacked within the previous 12-month period. Unfortunately, cyber security experts are not currently able to keep pace with their criminal counterparts, so none of us can be 100 percent sure that our information is safe. The reality is that many people have likely had their identities stolen and still do not realize it.
Even if you can't identity a specific instance in which hackers may have gained access to your information, it is a good idea to invest in a credit monitoring service. While a credit monitoring system cannot guarantee your protection, it can alert you to certain indicators of potential fraud, allowing you to move to thwart the thieves before they are able to seriously damage your credit.
Here is a list of states with affected UPS locations:
- North Carolina
- North Dakota
- New Jersey
- New York
- South Dakota
If you made a purchase at a UPS store in any of the above states, you should visit the UPS website to see which particular locations were affected.