The UPS Store Hacked
The UPS
Store discovered malware at 51
locations, in 24 states of 4,470 franchised center locations
throughout the United States. Certain customers' information,
who used a credit or debit cards at the impacted franchised center
locations between Jan. 20 and Aug. 11, 2014, may have been
exposed. For most locations, the period of exposure to this malware
began after March 26. The malware was eliminated as of August 11 and customers can shop securely at all The UPS Store locations according to The UPS Store."I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store the trust of our customers is of utmost importance," said Tim Davis, President The UPS Store, Inc. "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident," Davis said.
The UPS Store, Inc. received a government bulletin regarding a broad-based malware intrusion targeting retailers in the United States.
The UPS Store immediately launched an internal review, implemented system enhancements and engaged an IT security firm. An assessment by The UPS Store and the IT security firm revealed the presence of this malware on computer systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States.
Each franchised center location is individually-owned and runs independent private networks that are not connected to other franchised center locations. The limited malware intrusion was discovered at only 51 of The UPS Store franchised center locations and was not present on the computing systems of any other UPS business entities. A list of locations is listed below and is also listed at www.theupsstore.com/security.
Comprimised Information
The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for each customer.
Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident. The UPS Store is providing an information website, identity protection and credit monitoring services to customers whose information may have been compromised.
The UPS Store is offering identity protection and credit monitoring services to impacted customers. In order to take advantage of this service, please visit https://theupsstore.allclearid.com. To talk with a representative of The UPS Store concerning this issue, call 1-855-731-6016.
In addition, customers are encouraged to closely monitor their card account activity and take other steps to help protect themselves.
The impacted center locations, along with the time frame for potential exposure to this malware at each location, is listed below.
Malware Intrusion Date Secure Transactions Date
ARIZONA
10645 North Tatum Boulevard, Suite 200 Phoenix AZ 85028
04.29.2014 08.11.2014
5402 East Lincoln Drive Scottsdale AZ 85253
01.26.2014 08.11.2014
500 North Estrella Parkway Suite #B2 Goodyear AZ 85338
01.26.2014 08.11.2014
3800 West Starr Pass Boulevard Tucson AZ 85745
01.26.2014 08.11.2014
CALIFORNIA
3419 East Chapman Drive Orange CA 92869
04.29.2014 08.11.2014
25A Crescent Drive Pleasant Hill CA 94523
04.29.2014 08.11.2014
1608 West Campbell Avenue Campbell CA 95008-1535
07.01.2014 08.11.2014
3230 Arena Boulevard Suite 245 Sacramento CA 95834
04.29.2014 08.11.2014
COLORADO
3124 South Parker Road #A2 Aurora CO 80014
03.26.2014 08.11.2014
5910 South University Boulevard Suite C-18 Greenwood Village CO 80121-2879
04.29.2014 08.11.2014
12081 West Alameda Parkway Lakewood CO 80228
04.29.2014 08.11.2014
CONNECTICUT
35 East Main Street Avon CT 06001
03.28.2014 08.11.2014
1131 Tolland Turnpike Suite O Manchester CT 06042-1679
07.01.2014 08.11.2014
FLORIDA
2910 Kerry Forest Parkway D4 Tallahassee FL 32309
01.20.2014 08.11.2014
1400 Village Square Boulevard #3 Tallahassee FL 32312-1231
01.20.2014 08.11.2014
GEORGIA
2700 Braselton Highway Suite #10 Dacula GA 30019-3207
04.29.2014 08.11.2014
1353 Riverstone Parkway Suite 120 Canton GA 30114-5622
04.29.2014 08.11.2014
1029 Peachtree Parkway North Peachtree City GA 30269-4210
04.29.2014 08.11.2014
6361 Talokas Lane, Suite C140 Columbus GA 31909
01.26.2014 08.11.2014
IDAHO
6700 North Linder Road Suite 156A Meridian ID 83642
04.29.2014 08.11.2014
ILLINIOS
2033 North Milwaukee Avenue Riverwoods IL 60015
07.01.2014 08.11.2014
276 East Deerpath Road Lake Forest IL 60045
03.26.2014 08.11.2014
LOUISIANA
17732 Highland Road Suite G Baton Rouge LA 70810-3813
04.29.2014 08.11.2014
MARYLAND
10816 Town Center Boulevard Dunkirk MD 20754-3008
04.29.2014 08.11.2014
NEBRASKA
4089 South 84th Street Omaha NE 68127
07.01.2014 08.11.2014
NEVADA
5575 Simmons Street Unit 1 North Las Vegas NV 89031
04.29.2014 08.11.2014
2657 Windmill Parkway Henderson NV 89074
07.01.2014 08.11.2014
7435 South Eastern Avenue Suite 105 Las Vegas NV 89123
07.01.2014 08.11.2014
561 Keystone Avenue Reno NV 89503
04.29.2014 08.11.2014
NEW JERSEY
1385 Highway 35 Middletown NJ 07748
04.29.2014 08.11.2014
1409 Marlton Pike Route 70 East, Suite 168 Cherry Hill NJ 08034
04.29.2014 08.11.2014
201 Strykers Road, Suite 19 Lopatcong NJ 08865
04.29.2014 08.11.2014
NEW YORK
420 South Riverside Avenue Croton On Hudson NY 10520-3029
04.29.2014 08.11.2014
2520 Vestal Parkway East Suite 2 Vestal NY 13850
04.29.2014 08.11.2014
2316 Delaware Avenue Buffalo NY 14216
04.29.2014 08.11.2014
NORTH CAROLINA
6409 Fayeteville Road, Suite 120 Durham NC 27713
04.29.2014 08.11.2014
2217 Matthews Township Parkway, Suite D Matthews NC 28105-4819
04.29.2014 08.11.2014
1639 US Highway 74A Bypass Spindale NC 28160
07.01.2014 08.11.2014
217 Paragon Parkway Clyde NC 28721
04.29.2014 08.11.2014
NORTH DAKOTA
387 15th Street West Dickinson ND 58601
03.26.2014 08.11.2014
OHIO
829 Bethel Road Columbus OH 43214-1903
04.29.2014 08.11.2014
OKLAHOMA
1006 West Taft Street Sapulpa OK 74066
04.29.2014 08.11.2014
PENNSYLVANIA
322 Mall Boulevard Monroeville PA 15146-2229
07.01.2014 08.11.2014
512 Northampton Edwardsville PA 18704
04.29.2014 08.11.2014
SOUTH DAKOTA
2601 South Minnosota Avenue Suite 105 Sioux Falls SD 75105
07.01.2014 08.11.2014
TENNESSEE
115 Penn Warren Drive #300 Brentwood TN 37027-5054
04.29.2014 08.11.2014
1138 North Germantown Parkway Suite 101 Cardova TN 38016
04.29.2014 08.11.2014
TEXAS
2201 Long Prairie, Suite 107 Flower Mound TX 75022
04.29.2014 08.11.2014
5605 FM 423, Suite 500 Frisco TX 75034
04.29.2014 08.11.2014
VIRGINIA
3445 Seminole Trail Route 29 North Charlottesville VA 22911-7593
04.29.2014 08.11.2014
WASHINGTON
1400 West Washington Stree Suite 104 Sequim WA 98382-7242
04.29.2014
What happened?
How many UPS Stores were affected?
When did this occur and how many customers were impacted?
What information was exposed?
What action should I take?
What actions has The UPS Store taken in response to the incident?
Is it safe for The UPS Store customers to use their credit cards?
Does this impact UPS corporate or other The UPS Store center locations?
Where should I go for updates?
What protection is The UPS Store offering affected customers?
Will The UPS Store contact me if my credit card was involved?
The
UPS Store Inc. has confirmed that a malware intrusion impacted 51
locations in 24 states (about 1%) of 4,470 franchised center locations
throughout the United States. The UPS Store worked closely with an IT
security firm to resolve the issue.
The malware has been eliminated from the 51 impacted locations, as of August 11, and customers can shop securely at The UPS Store. We take our responsibility to protect customer information seriously and apologize for any inconvenience and impact this has had on our customers.
The malware has been eliminated from the 51 impacted locations, as of August 11, and customers can shop securely at The UPS Store. We take our responsibility to protect customer information seriously and apologize for any inconvenience and impact this has had on our customers.
At
this time, the UPS Store and our IT security firm believe this malware
intrusion on our systems impacted 51 locations in 24 states (about 1%)
of 4,470 centers throughout the United States.
Based
on the current assessment, the earliest evidence we have of malware
present on a center’s systems is January 20, 2014.
For some center locations, based on our assessment, the period of exposure to this malware began after January 20, 2014. The malware was eliminated as of August 11, 2014 and customers can shop securely at The UPS Store.
For some center locations, based on our assessment, the period of exposure to this malware began after January 20, 2014. The malware was eliminated as of August 11, 2014 and customers can shop securely at The UPS Store.
Customer
information may have been exposed as a result of this malware
intrusion. The customer information that may have been exposed includes
customers’ names, postal addresses, email addresses and payment card
information.
Not all of this information may have been exposed for The UPS Store customers who used a credit or debit card at an impacted location during this period. At this time, we are not aware of any reports of fraud associated with the potential data compromise.
Not all of this information may have been exposed for The UPS Store customers who used a credit or debit card at an impacted location during this period. At this time, we are not aware of any reports of fraud associated with the potential data compromise.
At
this time, we are not aware of any reports of fraud associated with the
malware intrusion. However as the trust of our customers is of the
utmost importance, we are notifying potentially impacted customers.
We encourage customers to closely monitor their card account activity and report any concerns to their bank or card issuer. The UPS Store is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the impacted center locations during the period in question.
We encourage customers to closely monitor their card account activity and report any concerns to their bank or card issuer. The UPS Store is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the impacted center locations during the period in question.
The
UPS Store has committed extensive resources in response to the malware
incident and a number of important steps have been taken — most
importantly, eliminating the malware from systems at the 51 impacted
locations — with the goal of ensuring our customers remain confident
about doing business with The UPS Store centers.
Yes.
We have eliminated this malware from systems in place at 51 affected
franchised center locations. Our first priority is serving our
customers. We know it is our responsibility to protect customer
information and we have taken a number of steps to ensure that customers
can remain confident about doing business with The UPS Store centers
network.
No.
Each The UPS Store location is individually-owned and runs an
independent private network. The malware was isolated to those
locations.
We encourage you to check http://theupsstore.com, or https://theupsstore.allclearid.com for updates. If you have additional questions, you may also call 1-855-731-6016.
What protection is The UPS Store offering affected customers?
The
UPS Store is offering identity protection and credit monitoring
services at no charge for one year to any customer who used a credit or
debit card at one of the impacted center locations during the period in
question. In order to take advantage of this service, please visit https://theupsstore.allclearid.com.
The UPS Store representatives are available at 1-855-731-6016 for additional assistance.
The UPS Store representatives are available at 1-855-731-6016 for additional assistance.
No,
The UPS Store does not have sufficient customer information to contact
potentially affected customers directly. We have created this website as
a resource for potentially affected customers, to determine if they may
have used a credit or debit card at one of the affected UPS Store
locations during the designated time frame, and have provided broad
public notification about the incident through the media.
Order Your Free Credit Report
To order your free credit report, visit www.annualcreditreport.com,
call toll-free at 1-877-322-8228, or complete the Annual Credit Report
Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.ftc.gov and
mail it to Annual Credit Report Request Service, P.O. Box 105281,
Atlanta, GA 30348-5281.
The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.
The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.
We
recommend you remain vigilant by reviewing your credit reports.
When you receive your credit report, review it carefully. Look for
accounts you did not open. Look in the “inquiries” section for names of
creditors from whom you haven’t requested credit.
Some companies bill under names other than their store or commercial names. The credit bureau will be able to tell you when that is the case. Look in the “personal information” section for any inaccuracies in your information (such as home address and Social Security number).
If you see anything you do not understand, call the credit bureau at the telephone number on the report. Errors in this information may be a warning sign of possible identity theft. You should notify the credit bureaus of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected.
If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing. Credit bureau staff will review your report with you. If the information can’t be explained, then you will need to call the creditors involved. Information that can’t be explained also should be reported to your local police or sheriff’s office because it may signal criminal activity.
Some companies bill under names other than their store or commercial names. The credit bureau will be able to tell you when that is the case. Look in the “personal information” section for any inaccuracies in your information (such as home address and Social Security number).
If you see anything you do not understand, call the credit bureau at the telephone number on the report. Errors in this information may be a warning sign of possible identity theft. You should notify the credit bureaus of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected.
If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing. Credit bureau staff will review your report with you. If the information can’t be explained, then you will need to call the creditors involved. Information that can’t be explained also should be reported to your local police or sheriff’s office because it may signal criminal activity.
Reporting Incidents
If
you detect any incident of identity theft or fraud, promptly report the
incident to law enforcement or your state Attorney General. If you
believe your identity has been stolen, the FTC recommends that you take
these additional steps:
-
Close the accounts that you have confirmed or believe have been tampered with or opened fraudulently. Use the FTC’s ID Theft Affidavit (available at www.ftc.gov/idtheft) when you dispute new unauthorized accounts.
-
File a local police report. Obtain a copy of the police report and submit it to your creditors and any others that may require proof of the identity theft crime.
You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft:
Federal Trade Commission
Consumer Response Center
600 Pensylvania Avenue, NW
Washington, DC 20580
1-877-IDTHEFT (438-4338)
Identity Protection Services
The
UPS Store has arranged with AllClear ID to offer affected customers
identity protection services and credit monitoring at no cost to them. Customers who believe they may have been impacted are encouraged to
visit https://theupsstore.allclearid.com for further information about these services.
AllClear SECURE: The team at AllClear ID is ready and standing by if you need help protecting your identity. This protection is automatically available to you with no enrollment required.
If a problem arises, simply call 1-855-731-6016 and a dedicated investigator will do the work to recover financial losses, restore your credit and make sure your identity is returned to its proper condition. AllClear maintains an A+ rating at the Better Business Bureau.
AllClear PRO:
This service offers additional layers of protection including credit monitoring. For a child under 18 years old, AllClear ID ChildScan identifies fraud by searching various databases for evidence of misuse of the child’s information.
To use the PRO service, you will need to provide your personal information to AllClear ID. You may sign up online at enroll.allclearid.com or by phone by calling 1-855-731-6016 using the redemption code received when registering for the AllClear PRO service.
Please note: Additional steps may be required by you in order to activate your phone alerts. The UPS Store has arranged with AllClear ID to offer affected customers identity protection services and credit monitoring at no cost to them.
Customers who believe they may have been impacted are encouraged to visit https://theupsstore.allclearid.com for further information about these services.
Consider Placing a Fraud Alert on Your Credit File
To protect yourself from possible identity theft, consider placing a
fraud alert on your credit file. A fraud alert helps protect you against
the possibility of an identity thief opening new credit accounts in
your name. When a merchant checks the credit history of someone applying for credit, the merchant gets a notice that the applicant may be the victim of identity theft. The alert notifies the merchant to take steps to verify the identity of the applicant.
You can place a fraud alert on your credit report by calling any one of the toll-free numbers provided below. You will reach an automated telephone system that allows you to flag your file with a fraud alert at all three credit bureaus.
Equifax
Equifax Credit Information Services, Inc.P.O. Box 740241
Atlanta, GA 30374
1-800-525-6285
www.equifax.com
Experian
Experian, Inc.P.O. Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com
TransUnion
TransUnion, LLC.P.O. Box 2000
Chester, PA 19022-2000
1-800-680-7289
www.transunion.com
Consider Placing a Security Freeze on Your Credit File
You
may wish to place a “security freeze” (also known as a “credit freeze”)
on your credit file. A security freeze is designed to prevent potential
creditors from accessing your credit file at the credit bureaus without
your consent. There may be fees for placing, lifting, and/or removing a
security freeze, which generally range from $5-$20 per action. Unlike a fraud alert, you must place a security freeze on your credit file at each credit bureau individually. For more information on security freezes, you may contact the three nationwide credit bureaus or the FTC as described above. Since the instructions for establishing a security freeze differ from state to state, please contact the three nationwide credit bureaus to find out more information.
The credit bureaus may require proper identification prior to honoring your request.
For example, you may be asked to provide:
Your full name with middle initial and generation (such as Jr., Sr., II, III)
Your Social Security number
Your date of birth
Proof of your current residential address (such as a current utility bill)
Addresses where you have lived over the past five years
A legible copy of a goverment-issued identification card (such as a state driver's license or military ID card)
For Maryland Residents
You can obtain information from the Maryland Office of the Attorney
General about steps you can take to avoid identity theft.You may contact the Maryland Attorney General at:
Maryland Office of the Attorney General
Consumer Protection Division
200 St. Paul Place
Baltimore, MD 21202
(888) 743-0023 (toll-free in Maryland)
(410) 576-6300
www.oag.state.md.us
For North Carolina Residents
You can obtain information from the North Carolina Attorney General’s Office about preventing identity theft.
You can contact the North Carolina Attorney General at:
North Carolina Attorney General's Office
9001 Mail Service Center
Raleigh, NC 27699-9001
(877) 566-7226 (toll-free in North Carolina)
(919) 716-6400
www.ncdoj.gov
The UPS Store
Corporate Headquarters
6060 Cornerstone Court West
San Diego, CA 92121
No comments:
Post a Comment