UPS Store data breach - the post mortem can wait, it's time to warn and advise the victims

Graham CLULEY

August 22, 2014

Up to 100,000 customers of The UPS Store may have reason to worry right now, after the company announced this week that it had suffered a massive data breach at 51 of its sites across the United States.

The breach was orchestrated by hackers who managed to plant malware on point-of-sale (PoS) systems used at the company’s stores. The malware went undetected by anti-virus software for months.

The UPS Store is just the latest in a long line of well-known retailers to have suffered from PoS malware in recent months. Past victims have included Target, Neiman Marcus, P.F. Chang’s, and most recently the SuperValu and Albertsons grocery stores.

PoS malware certainly seems to be a growing problem. So much so that in the last month the US government issued an advisory about the threat posed by the Backoff PoS malware.

The UPS Store, a subsidiary of the global shipping firm UPS, says that as of August 11th, the malware has been removed from all 51 impacted locations, and is at pains to underline that it is now safe to shop securely again.

However, because some systems were infected as far back as January 20th, 2014, the hackers appear to have had almost eight months to potentially steal customers’ names, postal and email addresses, as well as payment card information.

I bet some of those 100,000 or so customers now wish that they had paid with cash.

That’s if, of course, they even know that their credit and debit card details may be at risk.

Because, as The UPS Store’s advisory explains, the company “does not have sufficient customer information to contact potentially affected customers”.

In other words, if you don’t happen to see the warning on the UPS Store website, or read one of the news articles about the breach, the first that victims will probably know about being at risk is when their accounts suffer fraudulent activity.

A full list of affected locations, along with the timeline for when the malware entered the network and when transactions became safe again, is on the UPS Store website.

To give it some credit, I’m impressed with the detail that The UPS Store has provided on its website, and how it has used social media channels (such as its Twitter account) to reach out to concerned customers.

My feeling is that you shouldn’t judge a corporation by how it got hacked, but by how well it handles the aftermath and whether it acts openly and respectfully towards its customers.

Clearly there will need to be a post mortem, but right now the most important thing is to support those customers who might be victims – and provide them with advice on how to best protect themselves.

And I’m also pleased to see that Tim Davis, president of The UPS Store, hasn’t been stopped by his legal team from accepting responsibility and isn’t afraid of saying that the firm apologises. That’s refreshing when so many corporations can’t seem to manage a simple “sorry” to customers after a data breach.

“Please know we take our responsibility to protect customer information seriously and have committed extensive resources to addressing this incident. We understand this type of incident can be disruptive and apologize for any anxiety this may have caused.”

Anyone who feels they might be at risk is advised to keep a close eye on their bank account statements, and make use of free credit monitoring offered by the company.
