Big Brown has been breached. United Parcel Service (UPS
) on Wednesday announced that about 105,000 customer
transactions at 51 of its UPS Store locations in 24 states could have been compromised between January and August.
UPS discovered the breach in response to a government bulletin warning of a broad-based malware intrusion that traditional anti-virus software programs weren’t catching. UPS hired an IT security firm to review its systems -- and systems at its franchisees -- and discovered the breach. UPS eliminated the malware on August 11 and has posted details about which stores were affected.
The list of stores includes between one and four locations in each of the following states: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Louisiana, Maryland, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Tennessee, Texas, Virginia, and Washington.
"I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers," said Tim Davis, president, The UPS Store. "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident.”
Dissecting the Malware
We caught up with Aviv Raff, CTO and chief researcher at advanced threat protection firm Seculert, to get his thoughts on the UPS breach. He told us this is another example -- just like the recent Community Health Systems breach that gave hackers access to 4.5 million patient records -- of how persistent attackers were able to successfully plant their attack tools.
“Enterprises are now coming to a conclusion that they are either already compromised, or will soon be,” Raff said. “It's not a matter of ‘if,’ it's a matter of ‘when.'”
Raff pointed out that UPS basically admitted that the attackers were in its systems, undetected, for four to eight months. That, he said, shows how necessary it is for enterprises to start using security tools that are able to detect attacks not just in real time but, more importantly, over time by analyzing historical and ongoing traffic logs.
We also turned to Tim Erlin, director of IT security and risk strategy at security firm Tripwire, to get his take on the latest breach. He told us the presence of malware on point-of-sale systems and infrastructure is a clear and present threat for any retail establishment. (continued...)