A phishing effort targeting The UPS Store which took place between September 29th, 2019 and January 13th, 2020 exposed personal and financial information for a number of their customers. Through investigation after the discovery of the attack, it appears that the exposed information was accessed through compromised employee email accounts from approximately 100 UPS Store locations. Information that the attackers were able to access varied depending on what documents were contained on the compromised accounts. In a statement, The UPS Store said, “Immediately upon discovering this incident, The UPS Store, Inc. initiated an investigation to assess the incident’s scope, including engaging a third-party cybersecurity firm, and has taken steps to further strengthen and enhance the security of systems in The UPS Store, Inc. network, including updating administrative and technical safeguards.” The company is providing affected customers with Experian’s IdentityWorks credit monitoring service for 24 months.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for