Data Breach Alert: 51 UPS Stores Affected!

ups_parcelAttention customers of 51 US-based UPS stores: It is time to cancel your credit/debit card.

UPS corporate has recently issued a press release stating that 51 of its franchise locations from 24 different states were infected by POS malware from January 20, 2014 – August 11, 2014. This malware could have stolen credit/debit card numbers, customer names, addresses, and contact information located on the stores’ point-of-sale registers.

For the official advisory and a list of affected locations, see theupsstore.com.

Many will note that this is not the first data breach headline of 2014 involving a major U.S. retailer. In fact, it is at least the tenth. For insight into why this is happening so much, we suggest Brian Krebs’ latest Q&A, Why So Many Card Breaches? There, Krebs suggests the impending October 2015 U.S. deadline to switch to chip-and-PIN technology set by Visa and MasterCard as one potential motivation and provides a brief introduction to the underground world of “carding.”

For more insight, we also suggest our latest posting on Backoff.

Although unfortunate, this latest breach also acts as an important reminder: big name brands are often malware targets. (No pun intended). In fact, delivery companies in particular are often used in email scams, where fake invoice attachments or links are used as means of infection. For more on this type of attack and tips on how to avoid one, see our 2010 article on Scam Emails.

Have a great (data-breach-free) day!