The UPS Store announced Wednesday that 51 of its locations experienced a security breach that may have compromised customers’ personal information, including credit and debit card data.
There are 4,470 UPS franchised locations throughout the U.S., so the breach affected roughly 1% of stores. A list of the stores (the 51 locations are in 24 states) that experienced the malware intrusion is available on the UPS website, along with dates of when the intrusion occurred and when secure transactions were re-established. As of Aug. 11, all transactions at UPS locations are secure, according to a letter sent to customers posted on the UPS website. No fraud has yet been reported, but as a precaution, UPS is offering potentially affected customers free identity theft protection and credit monitoring for a year.
This attack is similar to the massive Target breach from last holiday season, when hackers infiltrated the point-of-sale system software and obtained customer data when people swiped their magnetic stripe payment cards at compromised terminals. The earliest evidence of the malware that affected UPS Stores dates back to Jan. 20, but the bulk of locations were affected after March 26.
What May Have Been Stolen
Potentially compromised customer data includes names, addresses, email addresses and credit or debit card information.
While the company said it isn’t aware of any fraud reports related to the breach, customers should review the list of affected stores and check their credit and debit card statements for suspicious activity. It’s probably unnecessary to go as far as requesting a new card, but customers should be extra vigilant for fraudulent charges in the wake of this breach. Given that some contact information was also potentially exposed, you should adopt a heightened sensitivity to seemingly legitimate emails asking for personal information.
“With the name and email address … you have to be careful. If you get email that appears to be from UPS, it may actually be from the hackers,” said Adam Levin, chairman and co-founder of Credit.com and IDT 911. “You have potential for a phishing breach, so you have to be looking over your shoulder for a long time.”
How You Should React
Hackers have continued to target retailers because infiltrating a point-of-sale system is easy money, Levin said. As a result, consumers need to habitually and carefully watch their account activity, because you could spot fraud before a company is aware or has notified customers of an attack.
Gone undetected, such fraud could seriously damage your credit score — bad credit can make it difficult to get a credit card, loan or affordable interest rates — and it may take a while to recover from the damage.
“Your score will take a hit if there’s enormous activity on your credit cards and you move closer to your credit limit,” Levin said. In addition to checking your card activity and taking advantage of transactional monitoring (which many banks, credit card issuers and credit unions offer for free), you can check your credit scores for signs of fraud like a large, unexpected score change. You can check two of your credit scores for free every month on Credit.com.
More on Identity Theft: