Major Credit Card Security Breach at UPS: Are You Affected?

Posted August 26, 2014 by CCC Staff in

The UPS Store

There has been another major security breach south of the border – this time with UPS. Customers of the parcel delivery courier may have had their most sensitive personal information stolen – their credit and debit card information – by a computer virus.

Delivering more than 15 million packages a day to more than 6.1 million customers in over 220 countries and territories worldwide, UPS is one of the largest shipment and logistics companies in the world. To say this is a small security breach would be an understatement. Let’s take a look at the customers who may be affected and provide some tips on protecting yourself from breaches like this.

Who May Be Affected by the Security Breach?

UPS says malware may have compromised the credit card information for thousands of its loyal customers. The computer virus was found on 51 of its stores in 24 states nationwide. The following states were affected by the security breach: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Louisiana, Maryland, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Tennessee, Texas, Virginia and Washington. The good news is Canadian customers were not affected.

Personal information including names, credit card numbers, addresses, and email addresses from 100,000 transactions made between January 20th and August 11th may have been compromised. UPS was first alerted of the security breach when it received a bulletin from the Department of Homeland Security on July 31st. Although the company isn’t aware of any fraud that took place, cardholders who may have been affected are urged to keep a close eye on their credit card statements for any fraudulent charges.

What is UPS Doing to Protect its Customers?

UPS is taking a proactive role in getting to the bottom of this major security breach. UPS hired a security company to carefully review its computer systems. UPS says the virus was found at only 1 per cent of the company’s 4,470 franchised locations. In fact, the breach didn’t occur until as late as March or April at many stores.

As of August 11th UPS says the security breach has been fixed. UPS is taking extra steps to protect its customers. It is offering free identity protection and credit monitoring for affected customers, urging cardholders to take advantage of.

This latest credit card breach comes on the heel of credit card fraud at Target. Late last year U.S. retailer Target made headlines when it revealed 40 million credit card and debit card accounts were compromised, marking the second largest credit card breach in U.S. history.

The U.S. Slow to Adopt Chip-and-PIN Technology

Unlike Canada, Chip-and-PIN credit cards are not as widespread in the United States. While cardholders in Canada, Europe and Mexico have been enjoying the added security of Chip-and-PIN technology for years, adoption stateside is moving at a snail’s pace. In fact, the U.S. is the last major market to still use traditional magnetic strip credit cards.

That will soon change – October 2015 is the deadline imposed for U.S. retailers to upgrade to Chip-and-PIN technology. It’s in the best interest for retailers to switch – retailers who don’t could find themselves liable for credit card fraud.

Chip-and-PIN credit card transaction are a lot more secure than swiping your credit card. When you make a purchase with your Chip-and-PIN credit card, a one-time code is created that moves between your card’s chip and the retailer’s point of sale terminal; the data is useless except to the parties involved. Chip-and-PIN is also more convenient – instead of signing a receipt, you can quickly enter your PIN into the keypad of the point of sale terminal.

The Bottom Line

It’s up to businesses to protect their computer systems from malware, or risk seeing their customer base crumble. Although Chip-and-PIN technology has helped reduce credit card fraud, cardholders still need to take the necessary precautions to protect their credit card information. If you haven’t switched to Chip-and-PIN technology, what are you waiting for? You’re leaving yourself open to credit card skimming if you still have a magnetic strip credit card.

It’s also important to regularly review your credit report and credit card statement for fraudulent activity. If you find any suspicious charges, you should report them to your credit card issuer immediately.