San Diego, August 20, 2014
The UPS Store, Inc., among many other U.S. retailers, recently received a government bulletin regarding a broad-based malware intrusion not identified by current anti-virus software. Upon receiving the bulletin, The UPS Store retained an IT security firm and conducted a review of its systems and the systems of its franchised center locations. The UPS Store discovered malware identified in the bulletin on systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States.
Based on the current assessment by The UPS Store and the IT security firm, certain customers' information, who used a credit or debit card at the 51 impacted franchised center locations between January 20, 2014 and August 11, 2014, may have been exposed. For most locations, the period of exposure to this malware began after March 26, 2014. The malware was eliminated as of August 11, 2014 and customers can shop securely at all The UPS Store locations.
"I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store the trust of our customers is of utmost importance," said Tim Davis, President The UPS Store, Inc. "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident," Davis said.
Each franchised center location is individually-owned and runs independent private networks that are not connected to other franchised center locations. The limited malware intrusion was discovered at only 51 The UPS Store franchised center locations and was not present on the computing systems of any other UPS business entities. A list of locations is attached and is displayed at www.theupsstore.com/security.
The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for each customer. Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident. The UPS Store is providing an information website, identity protection and credit monitoring services to customers whose information may have been compromised.
For further information and to learn about complimentary identity protection and credit monitoring services, visit theupsstore.allclearid.com. To talk with a representative of The UPS Store concerning this issue, call 1-855-731-6016.