UPS says 51 stores infected with malware

The last year has been aggravating for many retail customers when it comes to privacy. In June, Dominos Pizza was hacked and no one can forget the 40 million credit card numbers stolen from Target as well. Now it has been revealed that an additional company has been targeted with malware and/or hacked.

UPS, the company known throughout the world as a delivery company and for its motto, "What can brown do for you?", revealed that malware was found in 51 stores across the United States. While this is only one percent of all 4,000-plus stores, this is definitely a hit to the company's reputation as a whole. UPS states that it found the breach while performing an audit using an outside IT firm.

According to UPS, the earliest evidence of the malware at a UPS Store is January 2014. The malware was discovered in early August and eliminated on August 11th, 2014; the date of exposure started on March 26th, 2014. UPS is providing several remedies to make the situation better for affected customers which includes identity protection and credit monitoring. Customers can view the details at the AllClearID website dedicated to the data breach. The identity protection is available starting August 20th, 2014 and lasts through August 20th, 2015. Customers can also contact UPS at their phone number listed on the UPS site. 

Source: UPS  | Image Courtesy of Wikipedia

Report a problem with article
Previous Story

Windows 8.1 'August Update' BSODs affected less than 0.01% of users

Next Story

Google's newest acquisition will help it design balloons, contact lenses, and more

27 Comments

Commenting is disabled on this article.

Great... lucky I guess... my store is on the list. :|

That being said - I do not understand why the local store would even keep stuff like credit card information?

eddman said,
That's one old ass truck/van. Do they really use such old vehicles in their fleet?

huh? almost every UPS truck in my area I've ever seen looks like that to this day

If it goes safely and reliably from point A to point B, whatever works. Don't need to buy new trucks every couple of years, wouldn't help their prices much.

neufuse said,

That's still the current design EXCEPT in Europe where they use Mercedes Chaises which they gave a more rounded design to and the brand new natural gas models are mode rounded but both those designs are relatively new within the last 10yrs

Surely those trucks are using modern engines, right? I guess it's ok to use a 50 year old external design, but I don't see how a half-a-century engine design can pass today's strict standards.

eddman said,

Surely those trucks are using modern engines, right? I guess it's ok to use a 50 year old external design, but I don't see how a half-a-century engine design can pass today's strict standards.

It's just a body, everything inside is modern... should box trucks which look the same be considered not modern too?

We're running most of our machines on XP due to the software we use for our business and we have none, zip, nada issues. Your point being?

alwaysonacoffebreak said,
We're running most of our machines on XP due to the software we use for our business and we have none, zip, nada issues. Your point being?

My point was I keep wondering how many of these fine businesses are still running XP.

I thought I said that.

TheExperiment said,
I keep wondering how many of these fine businesses are still running XP.

It wouldn't make any difference if they were running Windows 8. Malware is so prevalent on Windows that any version is easily compromised.

simplezz said,
Malware is so prevalent on Windows that any version is easily compromised.

And yet there's installations that go for years without seeing it once.

It's really simple. Proper administration and training, making sure stuff that's notoriously vulnerable is up to date (or not present at all.. does a POS even need Flash? Doubtful...) and so on. Willing to bet real money this was caused by a reckless employee who was messing around on the internet with a poorly secured system.

Or, if we're turning this isn't an OS pissing contest, let's look at how many times Linux systems get hacked over the years too due to.. well I'll be.. running outdated and insecure software, poor administration and training, and so on. Sound familiar?

simplezz said,

It wouldn't make any difference if they were running Windows 8. Malware is so prevalent on Windows that any version is easily compromised.
That still doesn't stop him from wondering.

Max Norris said,

It's really simple. Proper administration and training, making sure stuff that's notoriously vulnerable is up to date (or not present at all.. does a POS even need Flash? Doubtful...) and so on.

But that's the problem. Windows doesn't have proper package management tools. You can't update the whole system at once. Consequently, third party software is left to rot and leaves the system open to another attack vector.

Max Norris said,

Willing to bet real money this was caused by a reckless employee who was messing around on the internet with a poorly secured system.

How would it infect 51 stores though if it was just one employee? Seems more likely that your first assessment was correct. That either some third party software was not updated, or possibly a flaw in the base OS. Either way, it just once again proves how insecure Windows is.

Businesses that care about losing productivity, time, and money shouldn't be using an insecure OS. They only have themselves to blame in this instance.

Max Norris said,

Or, if we're turning this isn't an OS pissing contest, let's look at how many times Linux systems get hacked over the years too due to.. well I'll be.. running outdated and insecure software, poor administration and training, and so on. Sound familiar?

No system is perfect, that I acknowledge. But you have to admit, this kind of thing is a weekly occurrence on Windows machines. Not having a proper package management system is really hurting the security of Microsoft's platform.

If they had used a hardened GNU/Linux distribution, this wouldn't have happened. A system update does just that, it updates the entire system, including non-base OS software.

simplezz said,
But that's the problem. Windows doesn't have proper package management tools. You can't update the whole system at once. Consequently, third party software is left to rot and leaves the system open to another attack vector.

And yet that's still not enough. Just look at how many systems are still vulnerable to Heartbleed for a good example of why the end user is still the biggest security flaw in an operating system. And that's just one example. Nice on paper, but reality says other wise. Doesn't work when people don't actually do it.

simplezz said,
That either some third party software was not updated, or possibly a flaw in the base OS. Either way, it just once again proves how insecure Windows is.

Well if we're going to compare how many flaws an OS has, I can do that too. Just looking at the vulnerability databases, you'll see both Java and Flash rank super high (hint, not a Microsoft product and not unique to Windows), and oh dear, Linux has a lot more cases. For 2013, Windows 7 is at #13, Windows 8 at #27, JDK/JRE taking #2 and #3.. and oh look, Linux, #1.

simplezz said,
No system is perfect, that I acknowledge. But you have to admit, this kind of thing is a weekly occurrence on Windows machines. Not having a proper package management system is really hurting the security of Microsoft's platform.

And it's also a weekly (if not more) on Linux systems too. Don't need to look further than the news.

simplezz said,
If they had used a hardened GNU/Linux distribution, this wouldn't have happened. A system update does just that, it updates the entire system, including non-base OS software.

Really? What's kernel.org's excuse then when they got the Phalanx rootkit?

Sorry.. it still boils down to poor administration, careless users, and oh I don't know, the bad guys crafting their malware to attack a specific target, namely these POS systems?

Running for several months.. some fine system administration there.

Edit: Reading up on the alleged culprit, Backoff... takes over Flash and Java. Yea, not surprised.

Edited by Max Norris, Aug 22 2014, 9:00pm :

Wish Companies would place more restrictions on their Networks to stop persons going into Porn sites, installing Unauthorised software, or even allowing Personal Storage devices on the Workstations, or opening attachments from emails
Now Companies like this one , will now try to charge more to the sender, to make up loses from their own stuff up ...sigh, get some real IT People that can get the job done correctly

/Rant

Edit: Educate the workers on the Dangers of Computers, might add a little time and Money, but it will also save you a lot $$$ in the long run

Edited by EvilAstroboy, Aug 22 2014, 9:56pm :