SANS ISC: Brown Breach.. . UPS SANS ISC InfoSec Forums

Brown Breach.. . UPS
UPS stores infected with credit-card stealing malware

Responding to U.S. government warnings, UPS conducted an investigation that uncovered credit-card stealing malware infecting computers at 51 of its stores in 24 states.

In a letter [pdf] to customers, UPS said that personal information used to set up a MailBox Manager account between Jan. 20 and Aug. 11 at the affected stores may have been exposed. The personal information includes names, postal addresses, Social Security numbers and drivers' licenses, as well as credit card numbers if purchases were made during that period.

In a statement on its website, UPS said it was not aware of any fraud resulting from the breach, but it is offering identity protection and credit monitoring services to affected customers.

UPS said it hired an IT security firm to conduct an investigation. Based on the firm's findings, UPS has implemented system enhancements and antivirus updates.

The delivery firm stressed that the affected locations, which are franchise stores, only make up one percent of its 4,470 franchise stores in the United States.

A report by Ars Technica noted that the U.S. government warning cited by UPS appears to be the July bulletin issued by the US-CERT about the Backoff malware that steals credit card numbers from point-of-sale systems.

Aviv Raff, chief technology officer with security firm Seculert, commented in a statement emailed to FierceITSecurity: "This is another example of how persistent attackers were able to successfully plant their attack tool. Enterprises are now coming to a conclusion that they are either already compromised, or will soon be. It's not a matter of 'if', it's a matter of 'when'."

For more:
- read the Ars Technica report
- check out the UPS letter [pdf]
- see the UPS statement

http://www.pressroom.ups.com/Press+Releases/Current+Press+Releases/The+UPS+Store%2C+Inc.+Notifies+Customers+Of+Potential+Data+Compromise+and+Incident+Resolution

The UPS Store, Inc. Notifies Customers Of Potential Data Compromise and Incident Resolution

San Diego, August 20, 2014

The UPS Store, Inc., among many other U.S. retailers, recently received a government bulletin regarding a broad-based malware intrusion not identified by current anti-virus software. Upon receiving the bulletin, The UPS Store retained an IT security firm and conducted a review of its systems and the systems of its franchised center locations. The UPS Store discovered malware identified in the bulletin on systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States.

Based on the current assessment by The UPS Store and the IT security firm, certain customers' information, who used a credit or debit card at the 51 impacted franchised center locations between January 20, 2014 and August 11, 2014, may have been exposed. For most locations, the period of exposure to this malware began after March 26, 2014. The malware was eliminated as of August 11, 2014 and customers can shop securely at all The UPS Store locations.
ICI2Eye

52 Posts
