Did I bump my head and wake up in late 2013? Because it sure feels like deja vu with a slew of recent data breaches: Joining P.F. Chang’s, a group of supermarket chains and Community Health Systems in this month’s data breach roll call is United Parcel Service, which says 51 of its retail store locations had their computer systems hacked.
That breach may have exposed the credit and debit card information and postal and email addresses of customers at those stores in 24 states, reports the Associated Press, though UPS says no fraud has been linked to the attack yet.
A spokeswoman says a computer virus that isn’t identified by current anti-virus software was detected by a security firm it had hired, after UPS got a Department of Homeland Security bulletin about the malware on July 31 along with other retailers.
The malware is not identified by current anti-virus software, and may have been in place as early as January but probably didn’t start doing its dirty work until March or April, affecting about 1% of the company’s 4,470 franchised locations.
UPS says it’s still investigating how the breach happened, but that the problem was fixed by Aug. 11, and that the company took extra steps to make sure other stores’ systems weren’t at risk.
The company says it will provide identity protection and credit monitoring help to affected customers, who can go here for more information.
“The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information,” wrote the company in a public statement. “Not all of this information may have been exposed for each customer. Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident. The UPS Store is providing an information website, identity protection and credit monitoring services to customers whose information may have been compromised.”
UPS stores included in the attack are listed here, but the company says all locations are now safe for customers to shop.