UPS data breach because of a phishing email


Despite everything cybersecurity experts have already said and done to try to prevent phishing incidents, this remains one of the main practices of cybercriminals. This time, the affected company is United Parcel Service (UPS), where a phishing attack could have compromised the information of some of its customers. 

The shipping company revealed through a statement that an unauthorized user was able to access email accounts in various locations thanks to an elaborate phishing campaign deployed between September 29, 2019 and the first days of January 2020.

The multinational company claims that, after detecting unauthorized access, it began an investigation in collaboration with a prestigious cybersecurity firm to determine the process employed by the attacker and shut down illegitimate access. 

Following this investigation, UPS found personal information in the compromised email accounts, specifically localized the data that customers sent via email to the affected stores. The personal information exposed varies depending on the UPS branch. 

The company’s statement does not specify the exact number of branches affected by the phishing incident, however, in subsequent statements Jenny Robinson, UPS’s public relations manager, stated: “At least one hundred of our branches were affected by the attack, which represents 2% of our total locations.”

The manager also mentioned that UPS will take some steps to prevent similar incidents in the future: “The security of our customers’ information is our priority, we are already taking steps to correct these inconveniences… Right now there is no indication of possible use of the exposed data, but we will offer complementary services to prevent any attempted fraud.”

The company will begin offering users possibly affected credit monitoring and identity theft prevention services, although it also recommends users take into account some cybersecurity tips to mitigate any risk. 

On the other hand, to prevent phishing attacks, specialists from the International Institute of Cyber Security (IICS) recommend implementing email filters, analyzing any suspicious-looking messages, as well as reporting these messages to the area affected company’s systems.