Cyber Incident Victim: United Parcel Service
Date: Jan 2014
Location: United States of America
Summary
A cyberattack involving malware compromised computer systems at 51 UPS Store locations across 24 U.S. states, potentially exposing customer payment card details, names, addresses, and email addresses. The breach was identified through government assistance and mitigated after affecting transactions over several months, prompting the company to provide identity protection services to impacted individuals. This incident occurred amid a broader pattern of similar retail sector breaches targeting financial data.
Description
The UPS Store experienced a cybersecurity breach affecting point-of-sale systems in at least 51 franchised locations across 24 U.S. states. Malware was installed on the company's computer networks, enabling unauthorized access to customer payment card data between January 20 and August 11, 2014. The company disclosed the incident on August 20, 2014, after being alerted to suspicious activity by U.S. government authorities. Forensic investigators determined the malware harvested customer names, physical addresses, email addresses, and payment card information including card numbers, expiration dates, and security codes from cards used during transactions at compromised locations. The breach persisted for approximately seven months before being fully contained on August 11 when the company completed malware removal across all affected systems.

The UPS Store president confirmed the breach impacted a limited subset of franchised stores rather than the entire corporate network, though specific store locations were not publicly identified. Affected customers were offered free identity protection services including credit monitoring, though the exact number of compromised accounts remained undisclosed. This incident occurred amid a series of high-profile retail breaches in 2014, including attacks against Target, Michaels, Neiman Marcus, and P.F. Chang's that collectively exposed over 110 million payment records. The company maintained that transactional systems for shipping services, which operated separately from retail point-of-sale systems, were unaffected by this breach. No evidence suggested fraudulent use of stolen data at the time of disclosure, though the company advised customers to monitor financial statements for unauthorized activity.
