Big Brown just announced a big bummer; customers who paid with a credit card at 51 UPS Store locations may be exposed to cyber theft of personal information and credit card credentials.
By the numbers, it's 51 stores in 24 states, and a base of 105,000 transactions between January 20 and August 11 of this year.
The data potentially stolen includes names, addresses, emails and payment card details. Not all of this information may have been exposed for each customer, according to the company.
UPS said it received a government bulletin recently that warned about a broad-based malware intrusion that could do an end-run around current anti-virus software. The bad code was aimed at many U.S. retailers.
UPS recruited the services of an IT security firm, which found the identified malware in systems at 51 locations. The company operates a total of 4,470 franchised locations.
Although the beginning date of exposure was determined to be January 20, UPS states the majority of the intrusions occurred after March 26.
Regardless of the initial exposure date, the company said it completely and successfully removed the malware on August 11, and said customers are no longer exposed to any risk by shopping at UPS Stores.
Speaking for the company was Tim Davis, president of The UPS Store. Davis said, "I understand this type of incident can be disruptive and can cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store the trust of our customers is of utmost importance. As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate the issue."
The company also claimed that since The UPS Stores are a franchised, individually owned business, there was no possibility the malware could have been found on systems operated by any other UPS business unit.
They also reported no evidence of fraud, and said they will offer an information website, and complimentary identity protection and credit monitoring services to any customers concerned about possible exposure.
The 24 states in which malware was detected include Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Louisiana, Maryland, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Tennessee, Texas, Virginia and Washington.
For a complete list of locations and exposure periods in these states, please go here.