The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers.
In its "Notice of Data Breach
" letter, UPS disclosed that an unauthorized person had used a phishing attack to gain access to store email accounts at some of its store locations between September 29, 2019 and January 13, 2020.
The American multinational package delivery and supply chain management company responded by launching an investigation with the help of a third-party digital security firm to figure out what happened.
As a result of that effort, UPS found personal information in the compromised email accounts. It specifically located the data in documents which customers had emailed to the affected store locations for printing or other services. The types of compromised information varied based upon the details that customers had individually sent over to their local stores.
UPS didn't identify the exact number of stores that fell victim to the phishing incident. However, UPS Public Relations & Social Media Manager Jenny Robinson told Bleeping Computer
that the attack affected less than two percent of its stores, or approximately 100 locations.
In its letter, UPS indicated that it would be working with affected customers to help them protect themselves going forward:
We take the privacy and security of your personal information very seriously and for this reason want you to understand what we are doing to address this issue and what steps you can take to protect yourself.... Although we have no information at this time that would indicate that your personal information has been used in an unauthorized manner, we are offering you complimentary credit monitoring and identity theft restoration services described in this letter.
Along with taking up UPS on its offer, customers affected by the phishing incident should consider placing a fraud alert or security freeze on their credit files. They should also follow these additional steps
to further protect themselves against the threat of identity theft.