Bloomberg the Company & Products

Bloomberg Anywhere Login

Bloomberg

Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.

Company

Financial Products

Enterprise Products

Media

Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000

Communications

Industry Products

Media Services

Follow Us

UPS Store Computer Breach Put Customer Data at Risk

Aug. 20 (Bloomberg) -- United Parcel Service Inc. said a breach of computer systems at UPS Store retail outlets may have exposed customers’ personal and payment data at some locations this year.

Malware was found at 51 locations in 24 states, or about 1 percent of the 4,470 franchise stores across the U.S., UPS said in a statement today. About 105,000 transactions were affected, although the company can’t yet say how many customers, said Chelsea Lee, a UPS Store spokeswoman.

The incursion adds Atlanta-based UPS to a roster of major companies facing attacks from hackers, including hospital operator Community Health Systems Inc. and supermarket chain Supervalu Inc. Thieves stole credit card numbers and other personal information from at least 70 million Target Corp. customers last year, the biggest retail hack in U.S. history.

UPS, the world’s largest package-shipping company, said its breach may have been limited because each franchised retail outlet is individually owned and runs independent, private networks not connected to other locations. That arrangement “definitely helped,” Lee said in an interview.

At risk are UPS Store customers who used a credit or debit card at one of the affected locations from Jan. 20 through Aug. 11, the company said. At most of the locations, exposure to the malware began after March 26, and it was eliminated from all locations as of Aug. 11, UPS said.

Names, Addresses

Information that may have been revealed includes names, postal and e-mail addresses, and payment-card data, the company said. Not all information may have been exposed for each customer.

UPS Store is offering identity protection and credit monitoring programs for one year at no charge to customers who may have been affected, Lee said. The company currently has no evidence of fraud from the breach.

The incident is another setback for UPS, which missed some promised Christmas deliveries in 2013 when the company couldn’t keep pace with a surge of last-minute online purchases. UPS had to hire 85,000 temporary workers, raising costs and paring quarterly profit.

To contact the reporter on this story: Mary Schlangenstein in Dallas at maryc.s@bloomberg.net

To contact the editors responsible for this story: Ed Dufner at edufner@bloomberg.net John Lear

Please upgrade your Browser

Your browser is out-of-date. Please download one of these excellent browsers:

Chrome, Firefox, Safari, Opera or Internet Explorer.