The United States Postal Service said on Wednesday that 51 of its UPS Store locations were targeted by hackers in an attack that spread across 24 states in the U.S. That’s about 1% of its locations in the U.S.
Any customers who used a credit or debit card in UPS stores between Jan. 20 and Aug. 11 may have been exposed to the malware, which was found on the company’s servers in the 51 franchise stores, The Financial Times reported. Names, postal addresses, email addresses, and card information are thought to be among the data that may have been exposed to hackers, UPS said in a statement.
The U.S. Department for Homeland Security contacted UPS to inform them of the data breach, and the company claimed that other retailers were also notified of the spread of a new type of malware being used to target U.S. retail locations. According to UPS, the malware was removed from systems on Aug. 11. Stores are now safe to shop in.
“Backoff” malware, which is the technology believed to be used in the UPS hack, works by extracting unencrypted data from the RAM of computers used in debit or credit card readers. Remote access tools like LogMeIn and Microsoft Remote Desktop are used to gain access to devices, and shared passwords across multiple retail locations mean that hackers can quickly access customer data in several states. The United States Computer Emergency Readiness Team sent out an alert to retailers on July 31 informing them of this new vulnerability.
Other retailers falling prey to this new wave of malware targeting credit card payments may hasten the adoption of chip-and-PIN technology, which is common in the rest of the word. After Target lost 110 million credit card numbers, the company began rushing to implement more secure chip-and-PIN technology in an attempt to safeguard company data.
Business Insider Emails & Alerts
Site highlights each day to your inbox.