Malware was found at 51 locations in 24 states, or about 1% of the 4,470 franchise stores across the US. About 105,000 transactions were affected, although the company cannot yet say how many customers.
UPS declared its breach may have been limited because each franchised retail outlet is individually owned and runs independent, private networks not connected to other locations.
At risk are UPS Store customers who used a credit or debit card at one of the affected locations from January 2014 through August 2014. At most of the locations, exposure to the malware began after March, and it was eliminated from all locations by August.
Information that may have been revealed includes names, postal and e-mail addresses, and payment card data. Not all information may have been exposed for each customer.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now