They're still investigating how many people are affected:
The company said Wednesday that information about customers who visited the locations between Jan. 20 and Aug. 11 of this year “may have been exposed,” including names, addresses, emails and payment card details. It doesn’t know how many customers visited the affected stores during the time window in which malware infected their systems, and is still investigating, UPS Store spokeswoman Nicole Cox told MarketWatch.
The UPS Store said on Wednesday that computer systems at several of its franchised center locations had been infected with stealthy malware that went undetected by its anti-virus software and put customer credit and debit card information at risk.
The shipping giant said that it received a government bulletin regarding a "broad-based malware intrusion targeting retailers" in the United States, which sparked the company to hire an IT security firm and conduct a review of its systems and the systems of its franchised center locations.
The investigation revealed that 51 locations in 24 states had been infected with the malware identified in the bulletin.
While UPS did not provide details on the type of malware that infected its systems, it was likely the “Backoff” malware that the U.S. Government first warned about late last month.In a report released July 31 by the U.S. Department of Homeland Security’s US-CERT, security experts explained how cybercriminals are using legitimate programs as the first step to break into corporate networks and compromise point-of-sale systems with malware