About 51 UPS stores in 24 states have had their customers' credit and debit card information exposed by a computer virus found on their systems, the Associated Press reported. Information includes names, card numbers, postal and email addresses from about 100,000 transactions between Jan. 20 and Aug. 11, a spokeswoman for UPS said.
After receiving a Department of Homeland Security bulletin about the malware on July 31, United Parcel Service Inc. became aware on Wednesday of having been attacked among other U.S. retailers. However, the malware is not identified by current anti-virus software and the company is not aware of any fraud related to the attack, spokeswoman Chelsea Lee said.
The virus was discovered in systems at about 1 percent of the company's 4,470 franchised locations after a security firm was hired by an Atlanta-based UPS store. But at many stores, the intrusion did not begin until March or April.
"Lee said that the problem was fixed by Aug. 11 and the company took additional steps to protect systems at other stores," the AP reported. "She said the affected stores were not linked electronically, and UPS is still investigating how they were compromised."
"UPS said it is providing identity protection and credit monitoring help to affected customers."
The affected stores were in Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Louisiana, Maryland, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Tennessee, Texas, Virginia and Washington.
Meanwhile, the breach appeared far smaller than one that hit Target Corp. during the holiday-shopping season, when hackers stole credit and debit card information involving millions of customers. Fallout from the incident is still hurting profits, with Target claiming Wednesday that second-quarter profit fell 62 percent. It has also spent $235 million related to the breach, partly offset by $90 million in insurance payments.