Barbara's Beat: The UPS Store notifies customers of potential data compromise and incident resolution

Friday, August 22, 2014

The UPS Store notifies customers of potential data compromise and incident resolution

 The UPS Store Hacked 

The UPS Store logo - letterheadThe UPS Store discovered malware at 51 locations, in 24 states of 4,470 franchised center locations throughout the United States. Certain customers' information, who used a credit or debit cards at the impacted franchised center locations between Jan. 20 and Aug. 11, 2014, may have been exposed. For most locations, the period of exposure to this malware began after March 26. The malware was eliminated as of August 11 and customers can shop securely at all The UPS Store locations according to The UPS Store.

"I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store the trust of our customers is of utmost importance," said Tim Davis, President The UPS Store, Inc. "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident," Davis said.

The UPS Store, Inc. received a government bulletin regarding a broad-based malware intrusion targeting retailers in the United States.

The UPS Store immediately launched an internal review, implemented system enhancements and engaged an IT security firm. An assessment by The UPS Store and the IT security firm revealed the presence of this malware on computer systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. 

Each franchised center location is individually-owned and runs independent private networks that are not connected to other franchised center locations. The limited malware intrusion was discovered at only 51 of The UPS Store franchised center locations and was not present on the computing systems of any other UPS business entities. A list of locations is listed below and is also listed at www.theupsstore.com/security.

Comprimised Information
The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for each customer. 

Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident. The UPS Store is providing an information website, identity protection and credit monitoring services to customers whose information may have been compromised.

The UPS Store is offering identity protection and credit monitoring services to impacted customers.  In order to take advantage of this service, please visit https://theupsstore.allclearid.comTo talk with a representative of The UPS Store concerning this issue, call 1-855-731-6016. 

In addition, customers are encouraged to closely monitor their card account activity and take other steps to help protect themselves. 

The impacted center locations, along with the time frame for potential exposure to this malware at each location, is listed below.



Malware Intrusion Date           Secure Transactions Date

ARIZONA
10645 North Tatum Boulevard, Suite 200 Phoenix AZ 85028
04.29.2014                                                             08.11.2014           

5402 East Lincoln Drive Scottsdale AZ 85253
01.26.2014                                                              08.11.2014

500 North Estrella Parkway Suite #B2 Goodyear AZ 85338
01.26.2014                                                               08.11.2014                       
3800 West Starr Pass Boulevard Tucson AZ 85745
01.26.2014                                                                08.11.2014  

CALIFORNIA                       

3419 East Chapman Drive Orange CA 92869
04.29.2014                                                                 08.11.2014                          
25A Crescent Drive Pleasant Hill CA 94523
04.29.2014                                                                 08.11.2014

1608 West Campbell Avenue Campbell CA 95008-1535
07.01.2014                                                                 08.11.2014

3230 Arena Boulevard Suite 245 Sacramento CA 95834 
04.29.2014                                                                 08.11.2014


COLORADO
3124 South Parker Road #A2 Aurora CO 80014
03.26.2014                                                             08.11.2014

5910 South University Boulevard Suite C-18 Greenwood Village CO 80121-2879
04.29.2014                                                            08.11.2014

12081 West Alameda Parkway Lakewood CO 80228
04.29.2014                                                            08.11.2014


CONNECTICUT
35 East Main Street Avon CT 06001
03.28.2014                                                            08.11.2014

1131 Tolland Turnpike Suite O Manchester CT 06042-1679
07.01.2014                                                            08.11.2014  


FLORIDA
2910 Kerry Forest Parkway D4 Tallahassee FL 32309
01.20.2014                                                            08.11.2014

1400 Village Square Boulevard #3 Tallahassee FL 32312-1231
01.20.2014                                                            08.11.2014  


GEORGIA
2700 Braselton Highway Suite #10 Dacula GA 30019-3207
04.29.2014                                                            08.11.2014       

1353 Riverstone Parkway Suite 120 Canton GA 30114-5622
04.29.2014                                                            08.11.2014        

1029 Peachtree Parkway North Peachtree City GA 30269-4210
04.29.2014                                                            08.11.2014     

6361 Talokas Lane, Suite C140 Columbus GA 31909
01.26.2014                                                             08.11.2014


IDAHO
6700 North Linder Road Suite 156A Meridian ID 83642
04.29.2014                                                             08.11.2014   


ILLINIOS
2033 North Milwaukee Avenue Riverwoods IL 60015
07.01.2014                                                             08.11.2014

276 East Deerpath Road Lake Forest IL 60045
03.26.2014                                                            08.11.2014      


LOUISIANA
17732 Highland Road Suite G Baton Rouge LA 70810-3813
04.29.2014                                                             08.11.2014

MARYLAND

10816 Town Center Boulevard Dunkirk MD 20754-3008
04.29.2014                                                             08.11.2014

NEBRASKA


4089 South 84th Street Omaha NE 68127
07.01.2014                                                              08.11.2014 


NEVADA
5575 Simmons Street Unit 1 North Las Vegas NV 89031
04.29.2014                                                              08.11.2014

2657 Windmill Parkway Henderson NV 89074
07.01.2014                                                               08.11.2014    

7435 South Eastern Avenue Suite 105 Las Vegas NV 89123
07.01.2014                                                                08.11.2014

561 Keystone Avenue Reno NV 89503
04.29.2014                                                                 08.11.2014  

NEW JERSEY

1385 Highway 35 Middletown NJ 07748
04.29.2014                                                                 08.11.2014       

1409 Marlton Pike Route 70 East, Suite 168 Cherry Hill NJ 08034
04.29.2014                                                                 08.11.2014

201 Strykers Road, Suite 19 Lopatcong NJ 08865
04.29.2014                                                                 08.11.2014   


 NEW YORK
420 South Riverside Avenue Croton On Hudson NY 10520-3029
04.29.2014                                                                 08.11.2014 


2520 Vestal Parkway East Suite 2 Vestal NY 13850
04.29.2014                                                                 08.11.2014   

2316 Delaware Avenue Buffalo NY 14216
04.29.2014                                                                 08.11.2014  

NORTH CAROLINA

6409 Fayeteville Road, Suite 120 Durham NC 27713
04.29.2014                                                                08.11.2014      

2217 Matthews Township Parkway, Suite D Matthews NC 28105-4819
04.29.2014                                                                 08.11.2014

1639 US Highway 74A Bypass Spindale NC 28160
07.01.2014                                                                 08.11.2014

217 Paragon Parkway Clyde NC 28721
04.29.2014                                                                   08.11.2014     

NORTH DAKOTA

387 15th Street West Dickinson ND 58601
03.26.2014                                                                     08.11.2014  


OHIO
829 Bethel Road Columbus OH 43214-1903
04.29.2014                                                                      08.11.2014

OKLAHOMA


1006 West Taft Street Sapulpa OK 74066
04.29.2014                                                                      08.11.2014    
PENNSYLVANIA        

322 Mall Boulevard Monroeville PA 15146-2229
07.01.2014                                                                     08.11.2014 

512 Northampton Edwardsville PA 18704
04.29.2014                                                                      08.11.2014

SOUTH DAKOTA

2601 South Minnosota Avenue Suite 105 Sioux Falls SD 75105
07.01.2014                                                                       08.11.2014

TENNESSEE

115 Penn Warren Drive #300 Brentwood TN 37027-5054
04.29.2014                                                                      08.11.2014

1138 North Germantown Parkway Suite 101 Cardova TN 38016
04.29.2014                                                                      08.11.2014

TEXAS

2201 Long Prairie, Suite 107 Flower Mound TX 75022
04.29.2014                                                                    08.11.2014

5605 FM 423, Suite 500 Frisco TX 75034
04.29.2014                                                                     08.11.2014

VIRGINIA

3445 Seminole Trail Route 29 North Charlottesville VA 22911-7593
04.29.2014                                                                     08.11.2014 

WASHINGTON

1400 West Washington Stree Suite 104 Sequim WA 98382-7242
04.29.2014

Frequently Asked Questions

What happened?

How many UPS Stores were affected?

When did this occur and how many customers were impacted?

What information was exposed?

What action should I take?

What actions has The UPS Store taken in response to the incident?

Is it safe for The UPS Store customers to use their credit cards?

Does this impact UPS corporate or other The UPS Store center locations?

Where should I go for updates?

What protection is The UPS Store offering affected customers?


Will The UPS Store contact me if my credit card was involved?
  
 

What happened?

The UPS Store Inc. has confirmed that a malware intrusion impacted 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. The UPS Store worked closely with an IT security firm to resolve the issue. 

The malware has been eliminated from the 51 impacted locations, as of August 11, and customers can shop securely at The UPS Store. We take our responsibility to protect customer information seriously and apologize for any inconvenience and impact this has had on our customers.



How many UPS Stores were affected?

At this time, the UPS Store and our IT security firm believe this malware intrusion on our systems impacted 51 locations in 24 states (about 1%) of 4,470 centers throughout the United States.



When did this occur and how many customers were impacted?

Based on the current assessment, the earliest evidence we have of malware present on a center’s systems is January 20, 2014.

For some center locations, based on our assessment, the period of exposure to this malware began after January 20, 2014. The malware was eliminated as of August 11, 2014 and customers can shop securely at The UPS Store.

What information was exposed?
Customer information may have been exposed as a result of this malware intrusion. The customer information that may have been exposed includes customers’ names, postal addresses, email addresses and payment card information. 

Not all of this information may have been exposed for The UPS Store customers who used a credit or debit card at an impacted location during this period. At this time, we are not aware of any reports of fraud associated with the potential data compromise.

What action should I take?
At this time, we are not aware of any reports of fraud associated with the malware intrusion. However as the trust of our customers is of the utmost importance, we are notifying potentially impacted customers. 

We encourage customers to closely monitor their card account activity and report any concerns to their bank or card issuer. The UPS Store is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the impacted center locations during the period in question.

What actions has The UPS Store taken in response to the incident?
The UPS Store has committed extensive resources in response to the malware incident and a number of important steps have been taken — most importantly, eliminating the malware from systems at the 51 impacted locations — with the goal of ensuring our customers remain confident about doing business with The UPS Store centers. 

Is it safe for The UPS Store customers to use their credit cards?
Yes. We have eliminated this malware from systems in place at 51 affected franchised center locations. Our first priority is serving our customers. We know it is our responsibility to protect customer information and we have taken a number of steps to ensure that customers can remain confident about doing business with The UPS Store centers network.

Does this impact UPS corporate or other The UPS Store center locations?
No. Each The UPS Store location is individually-owned and runs an independent private network.  The malware was isolated to those locations.

Where should I go for updates?
We encourage you to check http://theupsstore.com, or https://theupsstore.allclearid.com for updates. If you have additional questions, you may also call 1-855-731-6016.

What protection is The UPS Store offering affected customers?
The UPS Store is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the impacted center locations during the period in question. In order to take advantage of this service, please visit https://theupsstore.allclearid.com
The UPS Store representatives are available at 1-855-731-6016 for additional assistance.

Will The UPS Store contact me if my credit card was involved?
No, The UPS Store does not have sufficient customer information to contact potentially affected customers directly. We have created this website as a resource for potentially affected customers, to determine if they may have used a credit or debit card at one of the affected UPS Store locations during the designated time frame, and have provided broad public notification about the incident through the media. 



 Additional Information

Order Your Free Credit Report
To order your free credit report, visit www.annualcreditreport.com, call toll-free at 1-877-322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. 

The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.

We recommend you remain vigilant by reviewing your credit reports. When you receive your credit report, review it carefully. Look for accounts you did not open. Look in the “inquiries” section for names of creditors from whom you haven’t requested credit. 

Some companies bill under names other than their store or commercial names. The credit bureau will be able to tell you when that is the case. Look in the “personal information” section for any inaccuracies in your information (such as home address and Social Security number). 

If you see anything you do not understand, call the credit bureau at the telephone number on the report. Errors in this information may be a warning sign of possible identity theft. You should notify the credit bureaus of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected. 

If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing. Credit bureau staff will review your report with you. If the information can’t be explained, then you will need to call the creditors involved. Information that can’t be explained also should be reported to your local police or sheriff’s office because it may signal criminal activity.


Reporting Incidents

If you detect any incident of identity theft or fraud, promptly report the incident to law enforcement or your state Attorney General. If you believe your identity has been stolen, the FTC recommends that you take these additional steps:


  • Close the accounts that you have confirmed or believe have been tampered with or opened fraudulently. Use the FTC’s ID Theft Affidavit (available at www.ftc.gov/idtheft) when you dispute new unauthorized accounts.
  • File a local police report. Obtain a copy of the police report and submit it to your creditors and any others that may require proof of the identity theft crime.



You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft:

Federal Trade Commission

Consumer Response Center

600 Pensylvania Avenue, NW
Washington, DC 20580
1-877-IDTHEFT (438-4338)
 
Identity Protection Services
The UPS Store has arranged with AllClear ID to offer affected customers identity protection services and credit monitoring at no cost to them. Customers who believe they may have been impacted are encouraged to visit https://theupsstore.allclearid.com for further information about these services.  

AllClear SECURE: The team at AllClear ID is ready and standing by if you need help protecting your identity. This protection is automatically available to you with no enrollment required. 

If a problem arises, simply call 1-855-731-6016 and a dedicated investigator will do the work to recover financial losses, restore your credit and make sure your identity is returned to its proper condition. AllClear maintains an A+ rating at the Better Business Bureau.

AllClear PRO: 
This service offers additional layers of protection including credit monitoring. For a child under 18 years old, AllClear ID ChildScan identifies fraud by searching various databases for evidence of misuse of the child’s information. 

To use the PRO service, you will need to provide your personal information to AllClear ID. You may sign up online at enroll.allclearid.com or by phone by calling 1-855-731-6016 using the redemption code received when registering for the AllClear PRO service.  

Please note: Additional steps may be required by you in order to activate your phone alerts. The UPS Store has arranged with AllClear ID to offer affected customers identity protection services and credit monitoring at no cost to them.  

Customers who believe they may have been impacted are encouraged to visit https://theupsstore.allclearid.com for further information about these services.
 
Consider Placing a Fraud Alert on Your Credit File
To protect yourself from possible identity theft, consider placing a fraud alert on your credit file. A fraud alert helps protect you against the possibility of an identity thief opening new credit accounts in your name. 

When a merchant checks the credit history of someone applying for credit, the merchant gets a notice that the applicant may be the victim of identity theft. The alert notifies the merchant to take steps to verify the identity of the applicant. 

You can place a fraud alert on your credit report by calling any one of the toll-free numbers provided below. You will reach an automated telephone system that allows you to flag your file with a fraud alert at all three credit bureaus.


Equifax
Equifax Credit Information Services, Inc.
P.O. Box 740241
Atlanta, GA 30374
1-800-525-6285
www.equifax.com


Experian
Experian, Inc.
P.O. Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com


TransUnion
TransUnion, LLC.
P.O. Box 2000
Chester, PA 19022-2000
1-800-680-7289
www.transunion.com

Consider Placing a Security Freeze on Your Credit File
You may wish to place a “security freeze” (also known as a “credit freeze”) on your credit file. A security freeze is designed to prevent potential creditors from accessing your credit file at the credit bureaus without your consent. There may be fees for placing, lifting, and/or removing a security freeze, which generally range from $5-$20 per action. 

Unlike a fraud alert, you must place a security freeze on your credit file at each credit bureau individually. For more information on security freezes, you may contact the three nationwide credit bureaus or the FTC as described above. Since the instructions for establishing a security freeze differ from state to state, please contact the three nationwide credit bureaus to find out more information.

The credit bureaus may require proper identification prior to honoring your request. 

For example, you may be asked to provide:
Your full name with middle initial and generation (such as Jr., Sr., II, III)
Your Social Security number
Your date of birth
Proof of your current residential address (such as a current utility bill)
Addresses where you have lived over the past five years
A legible copy of a goverment-issued identification card (such as a state driver's license or military ID card)
  
For Maryland Residents
You can obtain information from the Maryland Office of the Attorney General about steps you can take to avoid identity theft.

You may contact the Maryland Attorney General at:
Maryland Office of the Attorney General
Consumer Protection Division
200 St. Paul Place
Baltimore, MD 21202
(888) 743-0023 (toll-free in Maryland)
(410) 576-6300
www.oag.state.md.us

For North Carolina Residents
You can obtain information from the North Carolina Attorney General’s Office about preventing identity theft. 

You can contact the North Carolina Attorney General at:
North Carolina Attorney General's Office
9001 Mail Service Center
Raleigh, NC 27699-9001
(877) 566-7226 (toll-free in North Carolina)
(919) 716-6400
www.ncdoj.gov

The UPS Store
Corporate Headquarters
6060 Cornerstone Court West
San Diego, CA 92121

No comments :