You are here: Home / Network Security / UPS Stores Hit by Data Breach
82% of the Fortune 500
Use BMC for innovative solutions & competitive business advantage.
Contact BMC to learn more.
UPS Stores in 24 States Hit by Data Breach
UPS Stores in 24 States Hit by Data Breach
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Big Brown has been breached. United Parcel Service (UPS) on Wednesday announced that about 105,000 customer transactions at 51 of its UPS Store locations in 24 states could have been compromised between January and August.

UPS discovered the breach in response to a government bulletin warning of a broad-based malware intrusion that traditional anti-virus software programs weren’t catching. UPS hired an IT security firm to review its systems -- and systems at its franchisees -- and discovered the breach. UPS eliminated the malware on August 11 and has posted details about which stores were affected.

The list of stores includes between one and four locations in each of the following states: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Louisiana, Maryland, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Tennessee, Texas, Virginia, and Washington.

"I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers," said Tim Davis, president, The UPS Store. "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident.”

Dissecting the Malware

We caught up with Aviv Raff, CTO and chief researcher at advanced threat protection firm Seculert, to get his thoughts on the UPS breach. He told us this is another example -- just like the recent Community Health Systems breach that gave hackers access to 4.5 million patient records -- of how persistent attackers were able to successfully plant their attack tools.

“Enterprises are now coming to a conclusion that they are either already compromised, or will soon be,” Raff said. “It's not a matter of ‘if,’ it's a matter of ‘when.'”

Raff pointed out that UPS basically admitted that the attackers were in its systems, undetected, for four to eight months. That, he said, shows how necessary it is for enterprises to start using security tools that are able to detect attacks not just in real time but, more importantly, over time by analyzing historical and ongoing traffic logs.

We also turned to Tim Erlin, director of IT security and risk strategy at security firm Tripwire, to get his take on the latest breach. He told us the presence of malware on point-of-sale systems and infrastructure is a clear and present threat for any retail establishment. (continued...)

1  2  Next Page >

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
Get Powerful App Acceleration with Cisco. In a world where time is money, you need to accelerate the speed at which data moves through your data center. Cisco UCS Invicta delivers powerful, easy-to-manage application acceleration for data-intensive workloads. So you can make decisions faster and outpace the competition. Learn More.
Product Information and Resources for Technology You Can Use To Boost Your Business
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.