UPS came forward relatively quickly about a payment system hack that was discovered after the retailer received a sectorwide, government-issued alert about a specific form of antivirus-proof infection.
UPS proactively hired a cybersecurity firm to inspect all store systems “upon receiving the bulletin,” company officials said in a statement.
The malicious software in play is believed to be Backoff, a “point-of-sale” infection that scrapes system memory for payment card data and logs keystrokes, according to a July 31 Department of Homeland Security bulletin that was updated Aug. 18.
Customer data that might have been compromised includes names, postal addresses, email addresses and payment card information.
Read the rest at ThreatWatch, Nextgov’s regularly updated index of cyber breaches.