Home
 

 

 white space

The UPS Store Security Update

 
 

The UPS Store, Inc. recently received a government bulletin regarding a broad-based malware intrusion targeting retailers in the United States. The UPS Store takes seriously its responsibility to protect customer information and immediately launched an internal review, implemented system enhancements and engaged an IT security firm.

 

An assessment by The UPS Store and the IT security firm revealed the presence of this malware on computer systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. Based on the current assessment, the earliest evidence of the presence of this malware at any location is January 20, 2014. For most The UPS Store locations, based on our current assessment, the period of exposure to this malware began after March 26, 2014. This malware was eliminated as of August 11, 2014 and customers can shop securely at The UPS Store.

 

We apologize for any inconvenience and impact this incident may have had on our customers. The UPS Store is offering identity protection and credit monitoring services to impacted customers.  In order to take advantage of this service, please visit https://theupsstore.allclearid.com.  In addition, customers are encouraged to closely monitor their card account activity and take other steps to help protect themselves outlined in the customer letter below.  The UPS Store representatives are available at 1-855-731-6016 for additional assistance.

 

The impacted center locations, along with the timeframe for potential exposure to this malware at each location, follows this statement.

 

white space
Arizona Malware Intrusion Date Secure Transaction Date
10645 North Tatum Boulevard, Suite 200 Phoenix AZ 85028

04.29.2014

08.11.2014

5402 East Lincoln Drive Scottsdale AZ 85253

01.26.2014

08.11.2014

500 North Estrella Parkway Suite #B2 Goodyear AZ 85338

01.26.2014

08.11.2014

3800 West Starr Pass Boulevard Tucson AZ 85745

01.26.2014

08.11.2014

california
3419 East Chapman Drive Orange CA 92869

04.29.2014

08.11.2014

25A Crescent Drive Pleasant Hill CA 94523

04.29.2014

08.11.2014

1608 West Campbell Avenue Campbell CA 95008-1535

07.01.2014

08.11.2014

3230 Arena Boulevard Suite 245 Sacramento CA 95834

04.29.2014

08.11.2014

Colorado
3124 South Parker Road #A2 Aurora CO 80014

03.26.2014

08.11.2014

5910 South University Boulevard Suite C-18 Greenwood Village CO 80121-2879

04.29.2014

08.11.2014

12081 West Alameda Parkway Lakewood CO 80228

04.29.2014

08.11.2014

Connecticut
35 East Main Street Avon CT 06001

03.28.2014

08.11.2014

1131 Tolland Turnpike Suite O Manchester CT 06042-1679

07.01.2014

08.11.2014

Florida
2910 Kerry Forest Parkway D4 Tallahassee FL 32309

01.20.2014

08.11.2014

1400 Village Square Boulevard #3 Tallahassee FL 32312-1231

01.20.2014

08.11.2014

Georgia
2700 Braselton Highway Suite #10 Dacula GA 30019-3207

04.29.2014

08.11.2014

1353 Riverstone Parkway Suite 120 Canton GA 30114-5622

04.29.2014

08.11.2014

1029 Peachtree Parkway North Peachtree City GA 30269-4210

04.29.2014

08.11.2014

6361 Talokas Lane, Suite C140 Columbus GA 31909

01.26.2014

08.11.2014

Idaho
6700 North Linder Road Suite 156A Meridian ID 83642

04.29.2014

08.11.2014

Illinois
2033 North Milwaukee Avenue Riverwoods IL 60015

07.01.2014

08.11.2014

276 East Deerpath Road Lake Forest IL 60045

03.26.2014

08.11.2014

Louisiana
17732 Highland Road Suite G Baton Rouge LA 70810-3813

04.29.2014

08.11.2014

Maryland
10816 Town Center Boulevard Dunkirk MD 20754-3008

04.29.2014

08.11.2014

Nebraska
4089 South 84th Street Omaha NE 68127

07.01.2014

08.11.2014

Nevada
5575 Simmons Street Unit 1 North Las Vegas NV 89031

04.29.2014

08.11.2014

2657 Windmill Parkway Henderson NV 89074

07.01.2014

08.11.2014

7435 South Eastern Avenue Suite 105 Las Vegas NV 89123

07.01.2014

08.11.2014

561 Keystone Avenue Reno NV 89503

04.29.2014

08.11.2014

New Jersey
1385 Highway 35 Middletown NJ 07748

04.29.2014

08.11.2014

1409 Marlton Pike Route 70 East, Suite 168 Cherry Hill NJ 08034

04.29.2014

08.11.2014

201 Strykers Road, Suite 19 Lopatcong NJ 08865

04.29.2014

08.11.2014

New York
420 South Riverside Avenue Croton On Hudson NY 10520-3029

04.29.2014

08.11.2014

2520 Vestal Parkway East Suite 2 Vestal NY 13850

04.29.2014

08.11.2014

2316 Delaware Avenue Buffalo NY 14216

04.29.2014

08.11.2014

North Carolina
6409 Fayeteville Road, Suite 120 Durham NC 27713

04.29.2014

08.11.2014

2217 Matthews Township Parkway, Suite D Matthews NC 28105-4819

04.29.2014

08.11.2014

1639 US Highway 74A Bypass Spindale NC 28160

07.01.2014

08.11.2014

217 Paragon Parkway Clyde NC 28721

04.29.2014

08.11.2014

North Dakota
387 15th Street West Dickinson ND 58601

03.26.2014

08.11.2014

Ohio
829 Bethel Road Columbus OH 43214-1903

04.29.2014

08.11.2014

Oklahoma
1006 West Taft Street Sapulpa OK 74066

04.29.2014

08.11.2014

Pennsylvania
322 Mall Boulevard Monroeville PA 15146-2229

07.01.2014

08.11.2014

512 Northampton Edwardsville PA 18704

04.29.2014

08.11.2014

South Dakota
2601 South Minnosota Avenue Suite 105 Sioux Falls SD 75105

07.01.2014

08.11.2014

Tennessee
115 Penn Warren Drive #300 Brentwood TN 37027-5054

04.29.2014

08.11.2014

1138 North Germantown Parkway Suite 101 Cardova TN 38016

04.29.2014

08.11.2014

Texas
2201 Long Prairie, Suite 107 Flower Mound TX 75022

04.29.2014

08.11.2014

5605 FM 423, Suite 500 Frisco TX 75034

04.29.2014

08.11.2014

Virginia
3445 Seminole Trail Route 29 North Charlottesville VA 22911-7593

04.29.2014

08.11.2014

Washington
1400 West Washington Stree Suite 104 Sequim WA 98382-7242

04.29.2014

08.11.2014

 

   Frequently Asked Questions  
 

 

What happened?

 

How many UPS Stores were affected?

 

When did this occur and how many customers were impacted?

 

What information was exposed?

 

What action should I take?

 

What actions has The UPS Store taken in response to the incident?

 

Is it safe for The UPS Store customers to use their credit cards?

 

Does this impact UPS corporate or other The UPS Store center locations?

 

Where should I go for updates?

 

What protection is The UPS Store offering affected customers?

 

Will The UPS Store contact me if my credit card was involved?

 

 

What happened?

The UPS Store Inc. has confirmed that a malware intrusion impacted 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. The UPS Store worked closely with an IT security firm to resolve the issue. The malware has been eliminated from the 51 impacted locations, as of August 11, and customers can shop securely at The UPS Store. We take our responsibility to protect customer information seriously and apologize for any inconvenience and impact this has had on our customers.

 

How many UPS Stores were affected?  

At this time, the UPS Store and our IT security firm believe this malware intrusion on our systems impacted 51 locations in 24 states (about 1%) of 4,470 centers throughout the United States.

 

When did this occur and how many customers were impacted?

Based on the current assessment, the earliest evidence we have of malware present on a center’s systems is January 20, 2014. For some center locations, based on our assessment, the period of exposure to this malware began after January 20, 2014. The malware was eliminated as of August 11, 2014 and customers can shop securely at The UPS Store.

 

What information was exposed?

Customer information may have been exposed as a result of this malware intrusion. The customer information that may have been exposed includes customers’ names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for The UPS Store customers who used a credit or debit card at an impacted location during this period. At this time, we are not aware of any reports of fraud associated with the potential data compromise.

 

What action should I take?

At this time, we are not aware of any reports of fraud associated with the malware intrusion.  However as the trust of our customers is of the utmost importance, we are notifying potentially impacted customers. We encourage customers to closely monitor their card account activity and report any concerns to their bank or card issuer. The UPS Store is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the impacted center locations during the period in question.

 

What actions has The UPS Store taken in response to the incident?

The UPS Store has committed extensive resources in response to the malware incident and a number of important steps have been taken — most importantly, eliminating the malware from systems at the 51 impacted locations — with the goal of ensuring our customers remain confident about doing business with The UPS Store centers. 

 

Is it safe for The UPS Store customers to use their credit cards?

Yes. We have eliminated this malware from systems in place at 51 affected franchised center locations. Our first priority is serving our customers. We know it is our responsibility to protect customer information and we have taken a number of steps to ensure that customers can remain confident about doing business with The UPS Store centers network.

 

Does this impact UPS corporate or other The UPS Store center locations?

No. Each The UPS Store location is individually-owned and runs an independent private network.  The malware was isolated to those locations.

 

Where should I go for updates?

We encourage you to check http://theupsstore.com, or https://theupsstore.allclearid.com for updates. If you have additional questions, you may also call 1-855-731-6016.

 

What protection is The UPS Store offering affected customers?

The UPS Store is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the impacted center locations during the period in question. In order to take advantage of this service, please visit https://theupsstore.allclearid.com. The UPS Store representatives are available at 1-855-731-6016 for additional assistance.

 

Will The UPS Store contact me if my credit card was involved?

No, The UPS Store does not have sufficient customer information to contact potentially affected customers directly. We have created this website as a resource for potentially affected customers, to determine if they may have used a credit or debit card at one of the affected UPS Store locations during the designated timeframe, and have provided broad public notification about the incident through the media.

 

 

 

Letter from our president

 

The UPS Store logo - letterhead

 

 

 

 

The UPS Store

Corporate Headquarters

6060 Cornerstone Court West

San Diego, CA 92121

 

To our Valued Customers:

 

The UPS Store, Inc. (“The UPS Store”), among many other U.S. retailers, recently received a government bulletin regarding a broad-based malware intrusion targeting retailers in the United States. Upon receiving the bulletin, we retained an IT security firm and conducted a review of our systems and the systems of our franchised center locations. We discovered the malware present at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. As part of our response to this incident, we have implemented various system enhancements and antivirus updates. 

  

Based on our current assessment, we believe that information of The UPS Store customers who made credit and debit card purchases at the impacted franchised center locations between January 20, 2014 and August 11, 2014 may have been exposed. For some center locations, the period of exposure to this malware began after January 20, 2014. The malware was eliminated as of August 11, 2014 and you can shop securely at The UPS Store. The customer information that may have been exposed includes customers’ names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for each customer.

 

Your trust is important to us. Based on the investigation, we feel it is critical to notify our customers of the potential data compromise. We are offering identity protection and credit monitoring services to those customers who made a purchase at one of the impacted locations during the applicable time period. To learn more about identity protection and credit monitoring services and for further information on the impacted store locations, as well as the timeframe for potential exposure to this malware at impacted locations, please visit https://theupsstore.allclearid.com.

 

We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports. If you believe your credit or debit card was impacted by this incident, you should immediately contact your payment card issuer or bank.

 

If you have any additional questions, please call us at 1-855-731-6016.

  

Please know we take our responsibility to protect customer information seriously and have committed extensive resources to addressing this incident. We understand this type of incident can be disruptive and apologize for any anxiety this may have caused.

 

Sincerely,

Tim Davis - Signature

Tim Davis

President of The UPS Store, Inc.

 

 

 

 Additional Information

 

Order Your Free Credit Report

To order your free credit report, visit www.annualcreditreport.com, call toll-free at 1-877-322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.

 

We recommend that you remain vigilant by reviewing your credit reports. When you receive your credit report, review it carefully. Look for accounts you did not open. Look in the “inquiries” section for names of creditors from whom you haven’t requested credit. Some companies bill under names other than their store or commercial names. The credit bureau will be able to tell you when that is the case. Look in the “personal information” section for any inaccuracies in your information (such as home address and Social Security number). If you see anything you do not understand, call the credit bureau at the telephone number on the report. Errors in this information may be a warning sign of possible identity theft. You should notify the credit bureaus of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected. If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing. Credit bureau staff will review your report with you. If the information can’t be explained, then you will need to call the creditors involved. Information that can’t be explained also should be reported to your local police or sheriff’s office because it may signal criminal activity.

 

Reporting Incidents

If you detect any incident of identity theft or fraud, promptly report the incident to law enforcement or your state Attorney General. If you believe your identity has been stolen, the FTC recommends that you take these additional steps:

  • Close the accounts that you have confirmed or believe have been tampered with or opened fraudulently. Use the FTC’s ID Theft Affidavit (available at www.ftc.gov/idtheft) when you dispute new unauthorized accounts.
  • File a local police report. Obtain a copy of the police report and submit it to your creditors and any others that may require proof of the identity theft crime.

 

You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft:

Federal Trade Commission

Consumer Response Center

600 Pensylvania Avenue, NW

Washington, DC 20580

1-877-IDTHEFT (438-4338)

www.ftc.gov/idtheft

 

 

Identity Protection Services

The UPS Store has arranged with AllClear ID to offer affected customers identity protection services and credit monitoring at no cost to them.  Customers who believe they may have been impacted are encouraged to visit https://theupsstore.allclearid.com for further information about these services.

 

AllClear SECURE: The team at AllClear ID is ready and standing by if you need help protecting your identity. This protection is automatically available to you with no enrollment required.  If a problem arises, simply call 1-855-731-6016 and a dedicated investigator will do the work to recover financial losses, restore your credit and make sure your identity is returned to its proper condition.  AllClear maintains an A+ rating at the Better Business Bureau.

 

AllClear PRO: This service offers additional layers of protection including credit monitoring. For a child under 18 years old, AllClear ID ChildScan identifies fraud by searching various databases for evidence of misuse of the child’s information. To use the PRO service, you will need to provide your personal information to AllClear ID. You may sign up online at enroll.allclearid.com or by phone by calling 1-855-731-6016 using the redemption code received when registering for the AllClear PRO service.  Please note: Additional steps may be required by you in order to activate your phone alerts. The UPS Store has arranged with AllClear ID to offer affected customers identity protection services and credit monitoring at no cost to them.  Customers who believe they may have been impacted are encouraged to visit https://theupsstore.allclearid.com for further information about these services. 

 

Consider Placing a Fraud Alert on Your Credit File

To protect yourself from possible identity theft, consider placing a fraud alert on your credit file. A fraud alert helps protect you against the possibility of an identity thief opening new credit accounts in your name. When a merchant checks the credit history of someone applying for credit, the merchant gets a notice that the applicant may be the victim of identity theft. The alert notifies the merchant to take steps to verify the identity of the applicant. You can place a fraud alert on your credit report by calling any one of the toll-free numbers provided below. You will reach an automated telephone system that allows you to flag your file with a fraud alert at all three credit bureaus.

 

 

Equifax

Equifax Credit Information Services, Inc.

P.O. Box 740241

Atlanta, GA 30374

 

1-800-525-6285

www.equifax.com

 

 

Experian

Experian, Inc.

P.O. Box 9554

Allen, TX 75013

 

1-888-397-3742

www.experian.com

 

 

TransUnion

TransUnion, LLC.

P.O. Box 2000

Chester, PA 19022-2000

 

1-800-680-7289

www.transunion.com

 

 

Consider Placing a Security Freeze on Your Credit File

You may wish to place a “security freeze” (also known as a “credit freeze”) on your credit file. A security freeze is designed to prevent potential creditors from accessing your credit file at the credit bureaus without your consent. There may be fees for placing, lifting, and/or removing a security freeze, which generally range from $5-$20 per action. Unlike a fraud alert, you must place a security freeze on your credit file at each credit bureau individually. For more information on security freezes, you may contact the three nationwide credit bureaus or the FTC as described above. Since the instructions for establishing a security freeze differ from state to state, please contact the three nationwide credit bureaus to find out more information.

 

The credit bureaus may require proper identification prior to honoring your request. For example, you may be asked to provide:

Your full name with middle initial and generation (such as Jr., Sr., II, III)

Your Social Security number

Your date of birth

Proof of your current residential address (such as a current utility bill)

Addresses where you have lived over the past five years

A legible copy of a goverment-issued identification card (such as a state driver's license or military ID card)

 

  

For Maryland Residents

You can obtain information from the Maryland Office of the Attorney General about steps you can take to avoid identity theft. You may contact the Maryland Attorney General at: 

 

Maryland Office of the Attorney General

Consumer Protection Division

200 St. Paul Place

Baltimore, MD 21202

(888) 743-0023 (toll-free in Maryland)

(410) 576-6300

www.oag.state.md.us

 

 

For North Carolina Residents

You can obtain information from the North Carolina Attorney General’s Office about preventing identity theft. You can contact the North Carolina Attorney General at:

 

North Carolina Attorney General's Office

9001 Mail Service Center

Raleigh, NC 27699-9001

(877) 566-7226 (toll-free in North Carolina)

(919) 716-6400

www.ncdoj.gov