Feeds

Did you swipe your card through one of these UPS Store tills? You may have been pwned

As many as 100k transactions spied upon by malware

Choosing a cloud hosting partner with confidence

UPS has discovered an outbreak of debit and credit-card-reading malware in 51 of its branches in the US.

Exactly which strain of malware was involved is not known; a spokesperson told The Register today: "We're still investigating the infection." It's hoped the identity of the malware will be revealed once that probe is complete.

The shipping biz has issued a statement explaining that the software nasty was detected during an audit by an outside consultant.

That probe was in response to an American government security alert warning organizations to check for “a broad-based malware intrusion not identified by current anti-virus software”, the company says.

“UPS Store, Inc discovered malware identified in the [government] bulletin on systems at 51 locations in 24 states (about one per cent) of 4,470 franchised center locations throughout the United States,” the statement explains.

UPS says the security breach may have exposed credit and debit card data at the affected stores between January 20, 2014 and August 11, 2014. As many as 100,000 transactions may have been snooped on, we're told, out of the millions normally running through the UPS network.

Names and addresses were also accessible by the malware in the affected systems, but the company says that to date it hasn't identified any evidence of fraudulent activity as a result of the breach.

While UPS didn't identify the malware had infected the franchise outlets, US-CERT has been warning about point-of-sale vulnerabilities for some time – for example, in this advisory in January.

At the beginning of August, US-CERT also warned against a brute-force attack on sales terminals. ®

Intelligent flash storage arrays

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Managing SSL certificates with ease
The lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, and how the right SSL certificate management tool can help.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.