Yesterday UPS confirmed the perpetration of a security breach that may lead to the theft of its customers' credit and debit information. The breach was detected after the company analyzed its systems through an external security firm, which discovered malware on the company's in-store POS terminals at 51 locations across the country. The company has since released a list of the affected stores, which is available for viewing on its website.
Customers who used the credit card processing software at the relevant locations between January 20 and August 11 are urged to examine their bank statements and exercise vigilance until the danger has passed. As a sign of goodwill, UPS has offered to provide one year of free identity protection services to those clients who were directly exposed as a result of the breach.
This news comes amidst the ongoing investigation of the breach at Supervalu, a grocery store chain affiliated with Albertsons. The online publication Data Breach reports that experts are theorizing these incidents could be related as part of a larger hacking scheme perpetrated by an organized group of criminals who target vulnerabilities within credit card processing software. Most of the malware is built to attack Windows-based systems, so business owners are encouraged to update their POS terminals to guard against infiltration.
Financial fraud expert Avivah Litan notes, "It's apparent and evident to me that the hackers have compromised various retail point-of-sale vendor software in a big way, and the public is just hearing about this in dribs and drabs. At some point, hopefully, law enforcement will uncover the ring(s) behind this and put an end to it. Until then, payer beware. I think we have to assume a big portion of POS systems in this country are compromised, or will be in short order."
It has become more important than ever for companies to increase and monitor their security measures. Unfortunately, The New York Times recently reported that an astounding 22 percent of computer experts report that they do not regularly monitor their company databases.