Experts On UPS Reveals Phishing Attack Might Have Exposed Customer Information

The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers. In its “Notice of Data Breach” letter, UPS disclosed that an unauthorised person had used a phishing attack to gain access to store email accounts at some of its store locations between September 29, 2019 and January 13, 2020.

UPS did not specify in the letter precisely how many stores were involved, only saying that a “small percentage” were hit by the criminal act, which took place between approximately Sept. 29, 2019 and Jan. 13, 2020. However, Robinson clarified that the breach affected about 100 stores, less than two percent of The UPS Store’s U.S. locations.

The company said that since discovering the breach, it hired a third-party cyber firm to conduct an investigation, and it “has taken steps to further strengthen and enhance the security of systems in The UPS Store, Inc. network, including updating administrative and technical safeguards.”

Experts Comments

January 23, 2020
Peter Draper
Technical Director, EMEA
Gurucul
Here we have another example of the most common issue facing companies today - phishing attacks that allow bad actors to breach corporate systems. It is clear that phishing is never going to be eradicated so companies need to do all they can to protect against it. The challenge is there are many ways that bad actors breach systems using phishing. Providing protection against credential misuse by deploying MFA/Advanced authentication is one of the primary protections. In addition, companies.....Read More
Here we have another example of the most common issue facing companies today - phishing attacks that allow bad actors to breach corporate systems. It is clear that phishing is never going to be eradicated so companies need to do all they can to protect against it. The challenge is there are many ways that bad actors breach systems using phishing. Providing protection against credential misuse by deploying MFA/Advanced authentication is one of the primary protections. In addition, companies should ensure they have full visibility of users accounts, entitlements and behaviour with the ability to spot anomalous and risk behaviour quickly and remediate.  Read Less
January 24, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
It's good to see UPS informing their customers as soon as they discovered the breach and outlining the steps they've taken. The incident increasingly demonstrates the impact on companies and their customers that can arise from even the most basic of phishing attacks. There should be no reason in today's age that any company does not take steps to deliver security awareness and training to all their staff and contractors to ensure they are best placed to identify and report a phishing or any.....Read More
It's good to see UPS informing their customers as soon as they discovered the breach and outlining the steps they've taken. The incident increasingly demonstrates the impact on companies and their customers that can arise from even the most basic of phishing attacks. There should be no reason in today's age that any company does not take steps to deliver security awareness and training to all their staff and contractors to ensure they are best placed to identify and report a phishing or any other form of social engineering attack.  Read Less
January 24, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
It's good to see UPS informing their customers as soon as they discovered the breach and outlining the steps they've taken. The incident increasingly demonstrates the impact on companies and their customers that can arise from even the most basic of phishing attacks. There should be no reason in today's age that any company does not take steps to deliver security awareness and training to all their staff and contractors to ensure they are best placed to identify and report a phishing or any.....Read More
It's good to see UPS informing their customers as soon as they discovered the breach and outlining the steps they've taken. The incident increasingly demonstrates the impact on companies and their customers that can arise from even the most basic of phishing attacks. There should be no reason in today's age that any company does not take steps to deliver security awareness and training to all their staff and contractors to ensure they are best placed to identify and report a phishing or any other form of social engineering attack.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.