It isn’t a matter of “if”–it’s a matter of “when”. The answer for UPS is between January and August of this year at approximately 50 of its retail stores. UPS announced this week that it has discovered that its point-of-sale systems at some store locations had been compromised, resulting in a breach of data for customers who shopped at those store during that timeframe.
I wrote about the breach in a blog post:
What can brown do for you? If you’re one of the unlucky customers, the answer might be that brown can compromise your credit card information. UPS revealed that it is the latest high-profile company to fall victim to a data breach resulting from a point-of-sale system compromise.
The data breach was announced August 20, but the initial compromise was traced back to January 20. The attack affected 51 of the 4,000-plus retail stores UPS operates, and was identified and remediated on August 11. If you happened to be a customer at one of those 51 stores, though, during the timeframe the compromise was active, there is a good chance your credit card information has been captured.
“As UPS basically admits that the attackers were in their systems, undetected for 4-8 months, it shows the necessity of Enterprises to start using security tools that are able to detect attacks not just in real time (e.g IPS, NextGen Firewalls, etc.), but—more importantly—over time (e.g. By analyzing historical and ongoing traffic logs),” explains Aviv Raff, CTO and Chief Researcher for Seculert.