UPS said that the hacking had escaped detection at stores in 24 states, or around 1% of its locations. At most stores, the malware attack occurred after March 26, and was eliminated by August 11.
No fraud has yet been discovered, UPS said, but customer names, postal addresses, email addresses and payment card information were compromised.
Tim Davis, president of The UPS Store, apologized in a statement for any anxiety the theft may have caused customers. He said the company had deployed "extensive resources to quickly address and eliminate this issue."
Each UPS Store is franchised and runs separate computer systems, which may have helped limit the extent of the attack. UPS said the bug was not found at any of its other businesses. More...
Hackers have gained access to their names, Social Security numbers, physical addresses, birthdays and telephone numbers.
Anyone who received treatment from a physician's office tied to a network-owned hospital in the last five years -- or was merely referred there by an outside doctor -- is affected.
The large data breach puts these people at heightened risk of identity fraud. That allows criminals open bank accounts and credit cards on their behalf, take out loans and ruin personal credit history.
The company's hospitals operate in 28 states but have their most significant presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas. More...
Specialized policies to protect against online attacks are offered by about 50 carriers, including big names like the American International Group, Chubb and Ace. As data breaches have become a reality of the business world, more companies are buying policies; demand increased 21 percent last year from 2012, according to Marsh, a risk management company and insurance broker.
Yet companies say it is difficult to get as much coverage as they need, leaving them vulnerable to uncertain losses.
The main problem is quantifying losses from attacks, because they are often intangible — lost sales or damage to a brand name, like the public relations disaster Target suffered after the breach of its point-of-sale systems late last year.
“The losses that are more tangible and more readily quantifiable are the ones you’ll be able to insure against more easily,” said Ed Powers, who heads the online risk services practice at Deloitte & Touche, the accounting firm. “The ones that are less tangible and less quantifiable are more challenging, but those are often the bigger ones.” More...
- Data breach at UPS Stores in 24 states
- Hospital network hacked, 4.5 million records stolen
- With 1 million comments, U.S. net neutrality debate nears first marker
- U.S. web companies press demands for net neutrality with FCC
- German government cancels Verizon contract in wake of U.S. spying row
- Cyberattack Insurance a Challenge for Business
- Half of American adults hacked this year
- F.C.C. Votes to Move Ahead on Net Neutrality Plan
- U.S. 'net neutrality' plan faces heat from venture capitalists
- FBI Keeps Internet Flaws Secret to Defend Against Hackers