Hackers have stolen credit card data from 51 UPS stores in the US

Hackers have compromised with a malware the system at 51 UPS Stores across the United States, customers’ credit card data may have been exposed.

UPS is the last clamorous victim of a gang of cybercriminals from Eastern Europe, the bad actors behind the cyber attack has compromised 51 UPS Stores across the United States. The investigators speculated that the gang is the same that the last year has stolen credit/debit card data in the clamorous data breaches of Target, Neiman Marcus, P.F. Chang’s and other retailers

UPS personnel have discovered that systems at 51 out of its 4,470 stores were infected by a malware, the malicious code was spread through a government bulletin alerting various retailers of potential attacks on their systems by cyber criminals.

Here’s the list of affected locations, published by the company.

UPS customers who have used their debit/credit cards at UPS Stores between Jan. 20th, 2014 and Aug. 11th this year may be victim of the data breach. UPS company has published an official statement on Wednesday to warn its customers.

“Based on the current assessment by The UPS Store and the IT security firm, certain customers’ information, who used a credit or debit card at the 51 impacted franchised center locations between January 20, 2014 and August 11, 2014, may have been exposed. For some center locations, the period of exposure to this malware began after January 20, 2014. The malware was eliminated as of August 11, 2014 and customers can shop securely at all The UPS Store locations.” wrote UPS Stores spokesperson Chelsea Lee in the statement.

The UPS representative added that customer information that may have been exposed includes names, email addresses, postal addresses and of course payment card data.

In time I’m writing the UPS company hasn’t provided information on extension of the data breach, but it clarified that for now it has “no evidence of fraud arising from this incident.”

The situation seems to be under control now, as explained by UPS in the statement the malware has been removed by the infected systems on Aug. 11, customers affected will receive one year of free identity protection and credit monitoring services.

Pierluigi Paganini

(Security Affairs – UPS, data breach)