The UPS Store Inc. said Wednesday that customer data at 51 of its franchised stores in 24 states may have been breached, although the situation is now contained and there is no evidence to date of fraud.
The San Diego-based company said in a statement that after receiving a government bulletin regarding a broad-based malware intrusion, it retained an information technology security firm, which discovered malware at the 51 locations.
Certain customers' information, including names, postal addresses, email addresses and payment card information, may have been exposed between Jan. 20 and Aug. 11, 2014, the company said in a statement. It said the malware was eliminated as of Aug. 11, and customers can now shop at the locations securely.
Each franchised location is individually owned and runs independent private networks that are not connected to other locations, the company said. It is a wholly owned subsidiary of Atlanta-based United Parcel Service Inc.
“I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers. At The UPS Store, the trust of our customers is of utmost importance,” said Tim Davis, president of The UPS Store, in a statement.
“As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident,” Mr. Davis said.
The company is offering an informational website, identity protection and credit monitoring series to customers whose information may have been compromised, it said in its statement.
Eden Prairie, Minnesota-based SuperValu Inc., a supermarket wholesaler and retailer reported last week that credit card data may have been stolen from 180 of its stores over a period of more than three weeks beginning in June, although there is no evidence to date that any of the data has been misused.