In a data breach notice, The UPS Store disclosed that it had become the victim of a phishing incident which resulted in its customer information being exposed.
Between September 29, 2019 and January 13, 2020, at some of its store locations, an unauthorised person gained access to a limited number of local store email accounts through a phishing campaign.
“The types of personal information involved varied by individual, but included information emailed to the affected The UPS Store locations, including things like government-issued identification, financial, and other information,” Public Relations & Social Media Manager Jeremy Robinson told BleepingComputer.
Immediately after discovering the incident, the UPS Store launched an investigation into the incident and hired a third-party cybersecurity firm. Law enforcement authorities have been notified.
In addition, the company “has taken steps to further strengthen and enhance the security of systems in the UPS Store, Inc. network, including updating administrative and technical safeguards,” the notice read.
There is no evidence as of yet of any misuse of personal information, however as an added precaution, the company is offering a complimentary 24-month membership of Experian’s IdentityWorks, which provides customers with credit monitoring and identity theft restoration services.
The post Privacy: Phishing campaign results in UPS store data breach appeared first on PrivSec Report.