UPS Discloses Breach at 51 Retail Stores
Financial Services // Other Critical Infrastructure // United States
The retailer came forward relatively quickly about a payment system hack, which it discovered after receiving a sectorwide, government-issued alert about a specific form of antivirus-proof infection.
UPS proactively hired a cyber firm to inspect all store systems “upon receiving the bulletin,” company officials said in a statement.
The malicious software to blame is believed to be Backoff, a “point-of-sale” infection that scrapes system memory for payment card data and logs keystrokes, according to a July 31 Homeland Security Department industry bulletin.
UPS found malware on systems at about 1 percent of its 4,470 locations.
Each franchise center uses a different network, company officials said.
Customer data that might have been compromised includes names, postal addresses, email addresses and payment card information.
Backoff works by “extracting unencrypted data from the RAM of computers used in debit or credit card readers,” Business Insider explains. “Remote access tools like LogMeIn and Microsoft Remote Desktop are used to gain access to devices, and shared passwords across multiple retail locations mean that hackers can quickly access customer data in several states.”