UPS Hacked, Customer Financial Data Could Be Compromised

United Parcel Service (UPS) has revealed that earlier this year, hackers breached computer systems at 51 of its brick-and-mortar retail outlets across 24 US states, giving them the opportunity to steal customer data, including financial information.

The company didn’t specify the number of customers who might be affected, or the type of malware used in the attack. It also said it doesn’t plan to notify affected customers directly.

“As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident,” said Tim Davis, president of UPS Store.

Brown in trouble

UPS is the world’s largest package-shipping company, delivering more than 15 million mail items a day. It discovered that some of its computers were infected after a US government organisation (likely to be US-CERT) warned it about the existence of a new strain of malware not detected by conventional anti-virus solutions.

UPS promptly hired an IT security specialist to conduct a review, which found evidence of malware at 51 stores, or one percent of the company’s American franchise network.

A spokesperson for the company told Bloomberg that the breach could have potentially compromised data of around 105,000 transactions at UPS Stores, conducted between 20 January and 11 August. This information included names, physical and email addresses and credit or debit card data. UPS said it is not currently aware of any cases of this data being used for fraud.

The company added that the scope of the breach may have been limited because each franchised outlet is individually owned and runs its own independent, private network.

UPS joins the growing number of major US corporations successfully breached by cyber criminals in 2014: earlier this week, Community Health Systems said it lost 4.5 million patient records to what it suspects were Chinese hackers. Later reports claimed that the attack relied on the much-lamented Heartbleed vulnerability.

Last week, retail giant SuperValu revealed that hackers could have stolen credit and debit card account numbers from Point-of-Sale (PoS) systems in at least 209 stores. And who can forget massive breaches at Target and eBay, which compromised the security of tens of millions of users?

Just like Target and SuperValu, UPS has offered the affected customers free identity protection and credit monitoring programs for a year – something that has become a standard response to major data breaches.

“This is another high-profile attack on a company within the retail industry. The big players in the sector should see this as a wake-up call: you are being directly targeted, so preparation is key,” commented Rob Cotton, CEO at information assurance firm NCC Group.

“It appears that UPS had relied on the latest anti-virus software to protect it from harm, something it manifestly failed to do. This reliance on antivirus is surprising for a company of its size, and as we’ve said before, anti-virus tackles a problem that was around 20 years ago but which is becoming ever more irrelevant to today’s cyber threats. Organisations must look at other, more effective ways of managing this risk.”

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
