AAPL Stock: 118.51 ( + 0.7 )

Printed from

UPS Stores hit by 'malware intrusion,' customer data possibly exposed

updated 03:30 pm EDT, Thu August 21, 2014

Stores in 24 states affected by breach, spanned up to seven months in some cases

The UPS Store chain of delivery and packaging facilities has reported that a number of its stores have been the target of a "broad-based malware intrusion," adding that customer data could have been accessed. The United Parcel Service (UPS) subsidiary became aware of the breach on July 31, the same day that the Department of Homeland Security sent out notices regarding a malware called "Backoff," according to the New York Times.

After the company received the bulletin, it hired a security firm to look into its systems -- only to find that some of its 4,470 franchise locations were infected. A total of 51 stores in 24 states were hit with the malware, including Arizona, California, Colorado, Georgia and North Carolina. Digging deeper into the security breach, UPS Stores found that some of the stores saw the initial intrusion as early as January 20. While most intrusions weren't shown until March, the malware wasn't eliminated until August 11.

President of The UPS Store Tim Davis says that the company has "implemented various system enhancements and antivirus updates" since the attack was discovered. At this time, the company doesn't know of any reports of fraud as a result of the intrusion. However, the company is notifying customers that were potentially impacted by the system breach.

In the course of the breach, the chain believes that customers' information could have been exposed. This includes names, physical addresses, email address and potentially credit and debit card information. However, the company adds that not all customers may have had all of the information pieces exposed. As a result, the company is giving customers that were affected by the malware intrusion a free year of credit monitoring and identity protection through AllClearID.

"Please know we take our responsibility to protect customer information seriously, and have committed extensive resources to addressing this incident," said Davis. "We understand this type of incident can be disruptive, and apologize for any anxiety this may have caused."

A list of all of the stores affected by the breach is available at the UPS Store page. Customers that did business with any of 51 stores in the seven-month window are urged to contact the company. The company states that it doesn't have enough information to contact customers in some cases if a credit or debit card was used.

by MacNN Staff



  1. Grendelmon

    Senior User

    Joined: 12-26-07

    I don't understand why a major corporation would have to hire a security firm to analyze it's own systems. What exactly does their I.T. department do?

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    Contrary to popular belief, having even a "large" IT department doesn't necessarily mean you have the personnel with the necessary skills to perform competent forensic analysis of a security breach.
    One might argue it's just as specialized as network engineering, but the bottom line is that most companies don't spend the resources to maintain the skill set of a full security department, since the need is (has been) seen as rare.
    Financially, it would appear better to outsource the initial security assessment and remediation of your network security, and revisit that process regularly, than to keep a department staffed and trained for competent forensic analysis.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented