United Parcel Service Inc. reported a security breach at 51 of its branches across 24 states in the U.S.
The security breach compromised information on over 100,000 transactions made by customers from January to August. Hackers may have stolen the credit and debit data of the affected customers.
As per Chelsea Lee, a spokeswoman for the company, the UPS began to investigate its system on July 31 for signs of breaches in security, after The New York Times revealed that the Department of Homeland Security and the Secret Service would be sending out warnings to retail companies of hacker activities that were scanning corporate networks for remote access functions, then injecting non-detectable malware into the compromised systems.
UPS tapped an information security company for the investigation, which found out that the reported malware was already embedded on its cash register systems on 51 branches.
The company said that the malware has been removed since Aug. 11. However, the company warns customers that used their debit cards or credit cards at the affected stores from Jan. 20 to Aug. 11 of the possible exposure of their data to the malware attack, though exposure started after March 26 in most instances.
UPS listed down the compromised branches on its website. UPS said that it will offer a year's worth of free services for identity protection and credit monitoring to all the customers that may have had their data compromised by the security breach.
"I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store, the trust of our customers is of utmost importance," said The UPS Store President Tim Davis in a statement. "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue."
The security breach on the UPS systems, however, will not have a material impact on the financial standing of the company, Lee said.
The hacker attack on UPS is not as massive as the attack that was launched on retail company Target during the holiday season between Nov. 27 and Dec. 15 of last year, where about 40 million Target customers in 1,917 stores had their personal identification numbers for their debit cards and credit cards stolen.
The data breach caused Target's fourth quarter net earnings to fall 46 percent after an estimated loss of $450 million from the hacker attacks.