+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

UPS: 1% Of Our US Stores Were Hacked

Aug 21, 2014, 14:26 IST

Daniel Goodman / Business Insider

The United States Postal Service said on Wednesday that 51 of its UPS Store locations were targeted by hackers in an attack that spread across 24 states in the U.S. That's about 1% of its locations in the U.S.

Advertisement

Any customers who used a credit or debit card in UPS stores between Jan. 20 and Aug. 11 may have been exposed to the malware, which was found on the company's servers in the 51 franchise stores, The Financial Times reported. Names, postal addresses, email addresses, and card information are thought to be among the data that may have been exposed to hackers, UPS said in a statement.

The U.S. Department for Homeland Security contacted UPS to inform them of the data breach, and the company claimed that other retailers were also notified of the spread of a new type of malware being used to target U.S. retail locations. According to UPS, the malware was removed from systems on Aug. 11. Stores are now safe to shop in.

"Backoff" malware, which is the technology believed to be used in the UPS hack, works by extracting unencrypted data from the RAM of computers used in debit or credit card readers. Remote access tools like LogMeIn and Microsoft Remote Desktop are used to gain access to devices, and shared passwords across multiple retail locations mean that hackers can quickly access customer data in several states. The United States Computer Emergency Readiness Team sent out an alert to retailers on July 31 informing them of this new vulnerability.

Other retailers falling prey to this new wave of malware targeting credit card payments may hasten the adoption of chip-and-PIN technology, which is common in the rest of the word. After Target lost 110 million credit card numbers, the company began rushing to implement more secure chip-and-PIN technology in an attempt to safeguard company data.

Advertisement

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article