ATLANTA (8/22/14)--Add shipping giant United Parcel Service (UPS) to the list of merchants that have suffered a data breach that compromised its customers' credit and debit card information.
The Atlanta-based company said Wednesday it learned from the U.S. Department of Homeland Security and the U.S. Secret Service that malware found on computer systems at some The UPS Stores had exposed names, payment card numbers and postal and email addresses from about 100,000 transactions (USA TODAY Aug. 21).
At-risk transactions took place in 51 stores in 24 states between Jan. 20 and Aug. 11. There are 4,470 franchised locations that are individually owned and run independent private networks that are not connected to other franchised center locations, the company said.
The UPS news follows on the heels of last week's breaches at grocery chains SuperValu and Albertsons. Since the Target breach last year--the granddaddy of breaches so far, affecting 40 million debit and credit card numbers and 70 million customers' information--the list of compromised merchants includes Neiman Marcus, Sally Beauty Supply, Michaels, P.F. Chang's, Goodwill Industries International and Jimmy John's.
Meanwhile, the website security flaw Heartbleed resurfaced in the hacking of 4.5 million patient records from Community Health Systems of Franklin, Tenn., which runs a network of 206 hospitals and satellite doctors' offices across 29 states.
In April, the Heartbleed bug in the Open Secure Socket Layer technology--used to establish secure links between servers and users--exposed millions of usernames, passwords and other information.
The stolen records from Community Health Systems go beyond card data; they include addresses, birth dates, telephone and Social Security numbers--all prime fodder for identity theft (Bank Technology News Aug. 21).
Damage from the compromised information could exceed that of Target, John Zurawski, vice president of security software company Authentify, told Bank Technology News.
"Target lost credit card information, but Community Health has lost Social Security numbers, addresses, birth dates, phone numbers--everything a fraudster needs to capitalize on the individual's credit rating and more," he said.
Thus, financial institutions should be wary on two fronts: Protect against the potential of increased credit fraud and redouble efforts to ensure their own systems are safe.