UPS Store hit with malware attack in 51 franchised locations

The attack affected customers in 24 states, but was limited because UPS Store franchised locations run on isolated networks.

UPS said Wednesday that 51 of its franchised stores were hit with a malware attack that put customer credit and debit card data at risk from Jan. 20 to August 11.

In a statement, UPS Store said that it was hit with a broad malware attack that anti-virus software didn't pick up. UPS Store was notified by federal investigators and then reviewed its systems.


The company said it found the malware on its systems in 51 locations in 24 states. That sum equates to 1 percent of UPS Store's 4,470 franchised locations. UPS' corporate systems weren't impacted.

As a result, customers who used credit or debit cards at those 51 stores may be exposed to fraud. Customer information that may have been exposed to criminals include names, addresses, email addresses and payment card data. Customers affected can receive identity protection and credit monitoring services on UPS Store.

UPS Store said the malware was eliminated Aug. 11. UPS Store said that its franchised locations are individually owned and run on private networks that aren't connected.

According to a list of impacted stores, most of the attacks kicked off in April.

Retailers have been repeatedly hit with malware attacks. Target's data breach has been the most high profile and will cost the company at least $111 million.