The hack, which affected 51 franchises across 24 states, exposed clients' names, postal addresses, email addresses and payment card information. The company said the malware had been "eliminated" and that its services were now safe to use. On Monday, a large US hospital chain said its systems had been infiltrated. About 4.5 million healthcare patients involved with Community Health Systems facilities had their private information stolen.
Last week, the US grocery chain SuperValu said it had also suffered a breach. UPS, which was founded as a messenger company in 1907 and has become a multibillion-dollar corporation, has more than 4,450 franchised locations in the US.
Each franchise is individually owned and responsible for installing its own network. The breaches, which were only discovered by UPS because of a notification from the US government, took place between January and August. UPS said that while it had received no reports of the stolen data being used for fraudulent purposes, customers should carefully monitor their account activity for signs of intrusion.
"We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports," said Tim Davis, president of The UPS Store. He added: "Our customers can be assured that we have identified and fully contained the incident." The company also said it had begun an internal review to investigate the breach.