The UPS Store computer system was hacked, compromising confidential information of customers at its Delaware Avenue franchise in Buffalo and 50 other locations around the country, the company announced Thursday.
But the national chain said there is no evidence customers’ credit cards have been used. To assuage fears, it is offering complimentary identity theft protection and credit monitoring to those affected for one year.
“It’s important to note that the malware was eliminated, and it is now secure to conduct business at all UPS Store locations,” said Nicole Cox, the company’s public relations supervisor. “We apologize for any impact this may have had on our customers.”
The data breach spanned from Jan. 20 to Aug. 11, exposing credit and debit card information and postal and email addresses of thousands of customers, Cox said. There were 105,000 transactions during that time frame at the 51 affected stores, which account for only 1 percent of the chains 4,474 locations.
At the Buffalo location, Cox said, the data breach occurred from April 29 to Aug. 11.
Customers who might have been exposed to the data breach should monitor their account activities and report suspicious findings to their bank or credit card issuer, Cox said.
The company, which is an independently owned and operated subsidiary of UPS, learned of the problem July 31.
“We retained an IT security firm and conducted a thorough review of our system and systems of our franchise center locations around the country,” Cox said.
She said the problem has been addressed and wasn’t widespread.
“Based on our current assessment, UPS Store has no evidence of fraud arising from this incident at this time,” she said.
Customers who want to enroll in the complimentary credit monitoring and identity theft protection can call (855) 731-6016 or visit theupsstore.allclearid.com to enroll.