The UPS Store Security Update The UPS Store, Inc. recently received a government bulletin regarding a broad-based malware intrusion targeting retailers in the United States. The UPS Store takes seriously its responsibility to protect customer information and immediately launched an internal review, implemented system enhancements and engaged an IT security firm. An assessment by The UPS Store and the IT security firm revealed the presence of this malware on computer systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. Based on the current assessment, the earliest evidence of the presence of this malware at any location is January 20, 2014. For most The UPS Store locations, based on our current assessment, the period of exposure to this malware began after March 26, 2014. This malware was eliminated as of August 11, 2014 and customers can shop securely at The UPS Store. We apologize for any inconvenience and impact this incident may have had on our customers. The UPS Store is offering identity protection and credit monitoring services to impacted customers. In order to take advantage of this service, please visit https://theupsstore.allclearid. In addition, customers are encouraged to closely monitor their card account activity and take other steps to help protect themselves outlined in the customer letter below. The UPS Store representatives are available at 1-855-731-6016 for additional assistance. The impacted center locations, along with the timeframe for potential exposure to this malware at each location, follows this statement. white space Arizona Malware Intrusion Date Secure Transaction Date 10645 North Tatum Boulevard, Suite 200 Phoenix AZ 85028 04.29.2014 08.11.2014 5402 East Lincoln Drive Scottsdale AZ 85253 01.26.2014 08.11.2014 500 North Estrella Parkway Suite #B2 Goodyear AZ 85338 01.26.2014 08.11.2014 3800 West Starr Pass Boulevard Tucson AZ 85745 01.26.2014 08.11.2014 california 3419 East Chapman Drive Orange CA 92869 04.29.2014 08.11.2014 25A Crescent Drive Pleasant Hill CA 94523 04.29.2014 08.11.2014 1608 West Campbell Avenue Campbell CA 95008-1535 07.01.2014 08.11.2014 3230 Arena Boulevard Suite 245 Sacramento CA 95834 04.29.2014 08.11.2014 Colorado 3124 South Parker Road #A2 Aurora CO 80014 03.26.2014 08.11.2014 5910 South University Boulevard Suite C-18 Greenwood Village CO 80121-2879 04.29.2014 08.11.2014 12081 West Alameda Parkway Lakewood CO 80228 04.29.2014 08.11.2014 Connecticut 35 East Main Street Avon CT 06001 03.28.2014 08.11.2014 1131 Tolland Turnpike Suite O Manchester CT 06042-1679 07.01.2014 08.11.2014 Florida 2910 Kerry Forest Parkway D4 Tallahassee FL 32309 01.20.2014 08.11.2014 1400 Village Square Boulevard #3 Tallahassee FL 32312-1231 01.20.2014 08.11.2014 Georgia 2700 Braselton Highway Suite #10 Dacula GA 30019-3207 04.29.2014 08.11.2014 1353 Riverstone Parkway Suite 120 Canton GA 30114-5622 04.29.2014 08.11.2014 1029 Peachtree Parkway North Peachtree City GA 30269-4210 04.29.2014 08.11.2014 6361 Talokas Lane, Suite C140 Columbus GA 31909 01.26.2014 08.11.2014 Idaho 6700 North Linder Road Suite 156A Meridian ID 83642 04.29.2014 08.11.2014 Illinois 2033 North Milwaukee Avenue Riverwoods IL 60015 07.01.2014 08.11.2014 276 East Deerpath Road Lake Forest IL 60045 03.26.2014 08.11.2014 Louisiana 17732 Highland Road Suite G Baton Rouge LA 70810-3813 04.29.2014 08.11.2014 Maryland 10816 Town Center Boulevard Dunkirk MD 20754-3008 04.29.2014 08.11.2014 Nebraska 4089 South 84th Street Omaha NE 68127 07.01.2014 08.11.2014 Nevada 5575 Simmons Street Unit 1 North Las Vegas NV 89031 04.29.2014 08.11.2014 2657 Windmill Parkway Henderson NV 89074 07.01.2014 08.11.2014 7435 South Eastern Avenue Suite 105 Las Vegas NV 89123 07.01.2014 08.11.2014 561 Keystone Avenue Reno NV 89503 04.29.2014 08.11.2014 New Jersey 1385 Highway 35 Middletown NJ 07748 04.29.2014 08.11.2014 1409 Marlton Pike Route 70 East, Suite 168 Cherry Hill NJ 08034 04.29.2014 08.11.2014 201 Strykers Road, Suite 19 Lopatcong NJ 08865 04.29.2014 08.11.2014 New York 420 South Riverside Avenue Croton On Hudson NY 10520-3029 04.29.2014 08.11.2014 2520 Vestal Parkway East Suite 2 Vestal NY 13850 04.29.2014 08.11.2014 2316 Delaware Avenue Buffalo NY 14216 04.29.2014 08.11.2014 North Carolina 6409 Fayeteville Road, Suite 120 Durham NC 27713 04.29.2014 08.11.2014 2217 Matthews Township Parkway, Suite D Matthews NC 28105-4819 04.29.2014 08.11.2014 1639 US Highway 74A Bypass Spindale NC 28160 07.01.2014 08.11.2014 217 Paragon Parkway Clyde NC 28721 04.29.2014 08.11.2014 North Dakota 387 15th Street West Dickinson ND 58601 03.26.2014 08.11.2014 Ohio 829 Bethel Road Columbus OH 43214-1903 04.29.2014 08.11.2014 Oklahoma 1006 West Taft Street Sapulpa OK 74066 04.29.2014 08.11.2014 Pennsylvania 322 Mall Boulevard Monroeville PA 15146-2229 07.01.2014 08.11.2014 512 Northampton Edwardsville PA 18704 04.29.2014 08.11.2014 South Dakota 2601 South Minnosota Avenue Suite 105 Sioux Falls SD 75105 07.01.2014 08.11.2014 Tennessee 115 Penn Warren Drive #300 Brentwood TN 37027-5054 04.29.2014 08.11.2014 1138 North Germantown Parkway Suite 101 Cardova TN 38016 04.29.2014 08.11.2014 Texas 2201 Long Prairie, Suite 107 Flower Mound TX 75022 04.29.2014 08.11.2014 5605 FM 423, Suite 500 Frisco TX 75034 04.29.2014 08.11.2014 Virginia 3445 Seminole Trail Route 29 North Charlottesville VA 22911-7593 04.29.2014 08.11.2014 Washington 1400 West Washington Stree Suite 104 Sequim WA 98382-7242 04.29.2014 08.11.2014 Frequently Asked Questions What happened? How many UPS Stores were affected? When did this occur and how many customers were impacted? What information was exposed? What action should I take? What actions has The UPS Store taken in response to the incident? Is it safe for The UPS Store customers to use their credit cards? Does this impact UPS corporate or other The UPS Store center locations? Where should I go for updates? What protection is The UPS Store offering affected customers? Will The UPS Store contact me if my credit card was involved? What happened? The UPS Store Inc. has confirmed that a malware intrusion impacted 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. The UPS Store worked closely with an IT security firm to resolve the issue. The malware has been eliminated from the 51 impacted locations, as of August 11, and customers can shop securely at The UPS Store. We take our responsibility to protect customer information seriously and apologize for any inconvenience and impact this has had on our customers. How many UPS Stores were affected? At this time, the UPS Store and our IT security firm believe this malware intrusion on our systems impacted 51 locations in 24 states (about 1%) of 4,470 centers throughout the United States. When did this occur and how many customers were impacted? Based on the current assessment, the earliest evidence we have of malware present on a center’s systems is January 20, 2014. For some center locations, based on our assessment, the period of exposure to this malware began after January 20, 2014. The malware was eliminated as of August 11, 2014 and customers can shop securely at The UPS Store. What information was exposed? Customer information may have been exposed as a result of this malware intrusion. The customer information that may have been exposed includes customers’ names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for The UPS Store customers who used a credit or debit card at an impacted location during this period. At this time, we are not aware of any reports of fraud associated with the potential data compromise. What action should I take? At this time, we are not aware of any reports of fraud associated with the malware intrusion. However as the trust of our customers is of the utmost importance, we are notifying potentially impacted customers. We encourage customers to closely monitor their card account activity and report any concerns to their bank or card issuer. The UPS Store is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the impacted center locations during the period in question. What actions has The UPS Store taken in response to the incident? The UPS Store has committed extensive resources in response to the malware incident and a number of important steps have been taken — most importantly, eliminating the malware from systems at the 51 impacted locations — with the goal of ensuring our customers remain confident about doing business with The UPS Store centers. Is it safe for The UPS Store customers to use their credit cards? Yes. We have eliminated this malware from systems in place at 51 affected franchised center locations. Our first priority is serving our customers. We know it is our responsibility to protect customer information and we have taken a number of steps to ensure that customers can remain confident about doing business with The UPS Store centers network. Does this impact UPS corporate or other The UPS Store center locations? No. Each The UPS Store location is individually-owned and runs an independent private network. The malware was isolated to those locations. Where should I go for updates? We encourage you to check theupsstore, or https://theupsstore.allclearid for updates. If you have additional questions, you may also call 1-855-731-6016. What protection is The UPS Store offering affected customers? The UPS Store is offering identity protection and credit monitoring services at no charge for one year to any customer who used a credit or debit card at one of the impacted center locations during the period in question. In order to take advantage of this service, please visit https://theupsstore.allclearid. The UPS Store representatives are available at 1-855-731-6016 for additional assistance. Will The UPS Store contact me if my credit card was involved? No, The UPS Store does not have sufficient customer information to contact potentially affected customers directly. We have created this website as a resource for potentially affected customers, to determine if they may have used a credit or debit card at one of the affected UPS Store locations during the designated timeframe, and have provided broad public notification about the incident through the media. Letter from our president The UPS Store logo - letterhead The UPS Store Corporate Headquarters 6060 Cornerstone Court West San Diego, CA 92121 To our Valued Customers: The UPS Store, Inc. (“The UPS Store”), among many other U.S. retailers, recently received a government bulletin regarding a broad-based malware intrusion targeting retailers in the United States. Upon receiving the bulletin, we retained an IT security firm and conducted a review of our systems and the systems of our franchised center locations. We discovered the malware present at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. As part of our response to this incident, we have implemented various system enhancements and antivirus updates. Based on our current assessment, we believe that information of The UPS Store customers who made credit and debit card purchases at the impacted franchised center locations between January 20, 2014 and August 11, 2014 may have been exposed. For some center locations, the period of exposure to this malware began after January 20, 2014. The malware was eliminated as of August 11, 2014 and you can shop securely at The UPS Store. The customer information that may have been exposed includes customers’ names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for each customer. Your trust is important to us. Based on the investigation, we feel it is critical to notify our customers of the potential data compromise. We are offering identity protection and credit monitoring services to those customers who made a purchase at one of the impacted locations during the applicable time period. To learn more about identity protection and credit monitoring services and for further information on the impacted store locations, as well as the timeframe for potential exposure to this malware at impacted locations, please visit https://theupsstore.allclearid. We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports. If you believe your credit or debit card was impacted by this incident, you should immediately contact your payment card issuer or bank. If you have any additional questions, please call us at 1-855-731-6016. Please know we take our responsibility to protect customer information seriously and have committed extensive resources to addressing this incident. We understand this type of incident can be disruptive and apologize for any anxiety this may have caused. Sincerely, Tim Davis - Signature Tim Davis President of The UPS Store, Inc. Additional Information Order Your Free Credit Report To order your free credit report, visit annualcreditreport, call toll-free at 1-877-322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form. We recommend that you remain vigilant by reviewing your credit reports. When you receive your credit report, review it carefully. Look for accounts you did not open. Look in the “inquiries” section for names of creditors from whom you haven’t requested credit. Some companies bill under names other than their store or commercial names. The credit bureau will be able to tell you when that is the case. Look in the “personal information” section for any inaccuracies in your information (such as home address and Social Security number). If you see anything you do not understand, call the credit bureau at the telephone number on the report. Errors in this information may be a warning sign of possible identity theft. You should notify the credit bureaus of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected. If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing. Credit bureau staff will review your report with you. If the information can’t be explained, then you will need to call the creditors involved. Information that can’t be explained also should be reported to your local police or sheriff’s office because it may signal criminal activity. Reporting Incidents If you detect any incident of identity theft or fraud, promptly report the incident to law enforcement or your state Attorney General. If you believe your identity has been stolen, the FTC recommends that you take these additional steps: •Close the accounts that you have confirmed or believe have been tampered with or opened fraudulently. Use the FTC’s ID Theft Affidavit (available at ftc.gov/idtheft) when you dispute new unauthorized accounts. •File a local police report. Obtain a copy of the police report and submit it to your creditors and any others that may require proof of the identity theft crime. You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft: Federal Trade Commission Consumer Response Center 600 Pensylvania Avenue, NW Washington, DC 20580 1-877-IDTHEFT (438-4338) ftc.gov/idtheft Identity Protection Services The UPS Store has arranged with AllClear ID to offer affected customers identity protection services and credit monitoring at no cost to them. Customers who believe they may have been impacted are encouraged to visit https://theupsstore.allclearid for further information about these services. AllClear SECURE: The team at AllClear ID is ready and standing by if you need help protecting your identity. This protection is automatically available to you with no enrollment required. If a problem arises, simply call 1-855-731-6016 and a dedicated investigator will do the work to recover financial losses, restore your credit and make sure your identity is returned to its proper condition. AllClear maintains an A+ rating at the Better Business Bureau. AllClear PRO: This service offers additional layers of protection including credit monitoring. For a child under 18 years old, AllClear ID ChildScan identifies fraud by searching various databases for evidence of misuse of the child’s information. To use the PRO service, you will need to provide your personal information to AllClear ID. You may sign up online at enroll.allclearid or by phone by calling 1-855-731-6016 using the redemption code received when registering for the AllClear PRO service. Please note: Additional steps may be required by you in order to activate your phone alerts. The UPS Store has arranged with AllClear ID to offer affected customers identity protection services and credit monitoring at no cost to them. Customers who believe they may have been impacted are encouraged to visit https://theupsstore.allclearid for further information about these services. Consider Placing a Fraud Alert on Your Credit File To protect yourself from possible identity theft, consider placing a fraud alert on your credit file. A fraud alert helps protect you against the possibility of an identity thief opening new credit accounts in your name. When a merchant checks the credit history of someone applying for credit, the merchant gets a notice that the applicant may be the victim of identity theft. The alert notifies the merchant to take steps to verify the identity of the applicant. You can place a fraud alert on your credit report by calling any one of the toll-free numbers provided below. You will reach an automated telephone system that allows you to flag your file with a fraud alert at all three credit bureaus. Equifax Equifax Credit Information Services, Inc. P.O. Box 740241 Atlanta, GA 30374 1-800-525-6285 equifax Experian Experian, Inc. P.O. Box 9554 Allen, TX 75013 1-888-397-3742 experian TransUnion TransUnion, LLC. P.O. Box 2000 Chester, PA 19022-2000 1-800-680-7289 transunion Consider Placing a Security Freeze on Your Credit File You may wish to place a “security freeze” (also known as a “credit freeze”) on your credit file. A security freeze is designed to prevent potential creditors from accessing your credit file at the credit bureaus without your consent. There may be fees for placing, lifting, and/or removing a security freeze, which generally range from $5-$20 per action. Unlike a fraud alert, you must place a security freeze on your credit file at each credit bureau individually. For more information on security freezes, you may contact the three nationwide credit bureaus or the FTC as described above. Since the instructions for establishing a security freeze differ from state to state, please contact the three nationwide credit bureaus to find out more information. The credit bureaus may require proper identification prior to honoring your request. For example, you may be asked to provide: Your full name with middle initial and generation (such as Jr., Sr., II, III) Your Social Security number Your date of birth Proof of your current residential address (such as a current utility bill) Addresses where you have lived over the past five years A legible copy of a goverment-issued identification card (such as a state drivers license or military ID card) For Maryland Residents You can obtain information from the Maryland Office of the Attorney General about steps you can take to avoid identity theft. You may contact the Maryland Attorney General at: Maryland Office of the Attorney General Consumer Protection Division 200 St. Paul Place Baltimore, MD 21202 (888) 743-0023 (toll-free in Maryland) (410) 576-6300 oag.state.md.us For North Carolina Residents You can obtain information from the North Carolina Attorney General’s Office about preventing identity theft. You can contact the North Carolina Attorney General at: North Carolina Attorney Generals Office 9001 Mail Service Center Raleigh, NC 27699-9001 (877) 566-7226 (toll-free in North Carolina) (919) 716-6400 ncdoj.gov
Posted on: Wed, 03 Sep 2014 01:26:46 +0000
Trending Topics
Recently Viewed Topics
© 2015