20 August 2014
The UPS Store Notifies Customers Of Potential Data Compromise and Incident Resolution
San Diego CA – August 20, 2014 – The UPS Store, Inc., among many other U.S. retailers, recently received a government bulletin regarding a broad-based malware intrusion not identified by current anti-virus software. Upon receiving the bulletin, The UPS Store retained an IT security firm and conducted a review of its systems and the systems of its franchised center locations. The UPS Store discovered malware identified in the bulletin on systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States.
Based on the current assessment by The UPS Store and the IT security firm, certain customers’ information, who used a credit or debit card at the 51 impacted franchised center locations between January 20, 2014 and August 11, 2014, may have been exposed. For some center locations, the period of exposure to this malware began after January 20, 2014. The malware was eliminated as of August 11, 2014 and customers can shop securely at all The UPS Store locations.
“I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store, the trust of our customers is of utmost importance,” said Tim Davis, President The UPS Store, Inc. “As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident,” Davis said.
Each franchised center location is individually-owned and runs independent private networks that are not connected to other franchised center locations. The limited malware intrusion was discovered at only 51 The UPS Store franchised center locations and was not present on the computing systems of any other UPS business entities.
The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for each customer. Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident. The UPS Store is providing an information website, identity protection and credit monitoring services to customers whose information may have been compromised.
For further information and to learn about complimentary identity protection and credit monitoring services, visit https://theupsstore.allclearid.com. To talk with a representative of The UPS Store concerning this issue, call 1-855-731-6016.
About The UPS Store
With more than 4,400 locations, The UPS Store network comprises the nation’s largest franchise system of retail shipping, postal, print and business service centers. The UPS Store locations in the U.S. are independently owned and operated by licensed franchisees of The UPS Store, Inc., a subsidiary of UPS. Services, pricing and hours of operation may vary by location. For additional information on The UPS Store, visit www.theupsstore.com.
Media Contact:
Chelsea Lee
The UPS Store
858-455-8982
chelsealee@upsstore.com
Back to Pressroom