United Parcel Service said that 51 of its franchised UPS Stores suffered a payments-related data breach affecting about 105,000 payment transactions between January and August, according to the Wall Street Journal on Wednesday (Aug. 20).
The company found the intrusion after receiving “a government bulletin regarding a broad-based malware intrusion targeting retailers” and then hired a security firm to investigate, UPS said in a statement. At most of the affected stores the malware was in place no earlier than March 26, 2014, and was removed by Aug. 11.
UPS will offer identity-protection and credit-monitoring services to affected customers. However, the company said it can’t notify customers individually because UPS doesn’t have all cardholder data. Customers will have to check a page on the UPS Store website to see if they shopped at a store that may have been affected. The company said it doesn’t know how many customers might have been affected — only the number of transactions.
The data breach was reportedly limited to about 1 percent of the more than 4,400 UPS Stores, which run on independent private networks. The data breach affected some (but not all) stores in 24 states: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Louisiana, Maryland, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Tennessee, Texas, West Virginia and Washington.