Bad news for certain customers of The UPS Store: the company's customer-information databases have been hacked.
The company website released information on Wednesday, discussing what it calls a “Data Security Incident”:
The UPS Store, Inc. recently received a government bulletin regarding a broad-based malware intrusion targeting retailers in the United States. … An assessment by The UPS Store and the IT security firm revealed the presence of this malware on computer systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. Based on the current assessment, the earliest evidence of the presence of this malware at any location is January 20, 2014. For most The UPS Store locations, based on our current assessment, the period of exposure to this malware began after March 26, 2014. This malware was eliminated as of August 11, 2014 and customers can shop securely at The UPS Store.
The website also lists the exact store locations affected, as well as the “Malware Intrusion Date” and “Secure Transaction Date” for each one. If you have bought goods or services at any UPS Store earlier this year, you should definitely check the list to see if “your” store was hacked. If so, what should you do?
The UPS Store is offering credit monitoring and identity-protection services at https://theupsstore.allclearid.com and advises customers seeking assistance to call 1-855-731-6016.
Company president Tim Davis also posted a letter on the same webpage, admitting that “The UPS Store customers who made credit and debit card purchases at the impacted franchised center locations between January 20, 2014 and August 11, 2014 may have been exposed. … includ[ing] customers’ names, postal addresses, email addresses and payment card information.”
If you've bought anything at one of the affected locations during the listed time frames, you need to carefully monitor activity on all of your accounts as well as your credit report.