Experts On UPS Reveals Phishing Attack Might Have Exposed Customer Information

The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers. In its “Notice of Data Breach” letter, UPS disclosed that an unauthorised person had used a phishing attack to gain access to store email accounts at some of its store locations between September 29, 2019 and January 13, 2020.

UPS did not specify in the letter precisely how many stores were involved, only saying that a “small percentage” were hit by the criminal act, which took place between approximately Sept. 29, 2019 and Jan. 13, 2020. However, Robinson clarified that the breach affected about 100 stores, less than two percent of The UPS Store’s U.S. locations.

The company said that since discovering the breach, it hired a third-party cyber firm to conduct an investigation, and it “has taken steps to further strengthen and enhance the security of systems in The UPS Store, Inc. network, including updating administrative and technical safeguards.”

Subscribe
Notify of
guest
3 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
January 24, 2020 3:56 pm

It\’s good to see UPS informing their customers as soon as they discovered the breach and outlining the steps they\’ve taken. The incident increasingly demonstrates the impact on companies and their customers that can arise from even the most basic of phishing attacks. There should be no reason in today\’s age that any company does not take steps to deliver security awareness and training to all their staff and contractors to ensure they are best placed to identify and report a phishing or any other form of social engineering attack.

Last edited 2 years ago by Javvad Malik
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
January 24, 2020 12:00 pm

It\’s good to see UPS informing their customers as soon as they discovered the breach and outlining the steps they\’ve taken. The incident increasingly demonstrates the impact on companies and their customers that can arise from even the most basic of phishing attacks. There should be no reason in today\’s age that any company does not take steps to deliver security awareness and training to all their staff and contractors to ensure they are best placed to identify and report a phishing or any other form of social engineering attack.

Last edited 2 years ago by Javvad Malik
Peter Draper
Peter Draper , Technical Director, EMEA
InfoSec Expert
January 23, 2020 12:00 pm

Here we have another example of the most common issue facing companies today – phishing attacks that allow bad actors to breach corporate systems. It is clear that phishing is never going to be eradicated so companies need to do all they can to protect against it. The challenge is there are many ways that bad actors breach systems using phishing. Providing protection against credential misuse by deploying MFA/Advanced authentication is one of the primary protections. In addition, companies should ensure they have full visibility of users accounts, entitlements and behaviour with the ability to spot anomalous and risk behaviour quickly and remediate.

Last edited 2 years ago by Peter Draper
3
0
Would love your thoughts, please comment.x
()
x