As if the recent slew of malware attacks on large retailers such as Target, Neiman Marcus and Michael’s, another huge malware intrusion was reported to have hit The UPS Store outlets in several franchise locations.
The attacks involved credit card data theft of UPS customers, which went on for five months beginning in the spring and adding to a list of malware attack instances. The malware attack is said to have begun some time in March.
UPS reported the malware intrusion following an independent review by a third-party IT security firm, which worked to examine the systems of the UPS enterprise. Also, the government issued a bulletin alerting UPS to the malware attack on its networks, but stating that the malware was still unidentified using existing anti-malware tools. So the nature of the malware responsible for the attack remains to be known, and whether it is a new malicious tool or a derivative of previous malware families is anybody’s guess.
The attack affected the credit and debit cards of customers and buyers who made purchases at various UPS stores in Nevada, New Jersey, California, North Carolina and Georgia, among others in 24 states. There is only one potential impact, and that is the compromise of sensitive information of UPS customers, such as payment card data, email addresses, and names. It is most possible that the incident has exposed all these pieces of information to the hands of attackers and those with malicious intent to profit from the data.
It could be that the malware has been leaking the huge amount of user data between January 20 and August 11, though UPS clarified that not all of its locations have succumbed to the intrusion. And after August 11, UPS said the malware had been contained and removed from its enclaves, ensuring a safe shopping for customers at all of its sites.
There are nearly 4,500 UPS franchise stores, and the number of locations affected by the malware is said to account for only one percent of the breach. As of now there are no traces of evidence of the malware attack according to UPS. To address fears of fraud, the company is however providing customers with identity protection and credit monitoring services.
The UPS management is also mum on the scope of the malware intrusion as of this time, but said that the impact is broad-ranging. It is presumably similar in scale to the attacks that hit Target and Neiman Marcus in recent months.