There are 4,470 UPS franchised locations throughout the U.S., so the breach affected roughly 1% of stores. A list of the stores (the 51 locations are in 24 states) that experienced the malware intrusion is available on the UPS website, along with dates of when the intrusion occurred and when secure transactions were re-established. As of Aug. 11, all transactions at UPS locations are secure, according to a letter sent to customers posted on the UPS website. No fraud has yet been reported, but as a precaution, UPS is offering potentially affected customers free identity theft protection and credit monitoring for a year.
This attack is similar to the massive Target breach from last holiday season, when hackers infiltrated the point-of-sale system software and obtained customer data when people swiped their magnetic stripe payment cards at compromised terminals. The earliest evidence of the malware that affected UPS Stores dates back to Jan. 20, but the bulk of locations were affected after March 26.