United Parcel Service (UPS) Canada has disclosed a data breach that may have exposed the personal information of some of its customers. The breach occurred between February 2022 and April 2023, and it is believed that the attackers were able to access customer shipping information, including their names, addresses, and phone numbers.
The attackers are believed to have used this information in an SMS phishing campaign. In these attacks, the attackers send text messages that appear to be from UPS, but they are actually from the attackers. The messages typically contain a link that, when clicked, takes the victim to a fake UPS website. Once the victim enters their personal information on the fake website, the attackers can steal it.
UPS has said that it has taken steps to secure its website and prevent future data breaches. The company has also said that it is working with law enforcement to investigate the incident.
What happened?
The UPS Canada Data Breach was caused by a vulnerability in UPS's package lookup tool. This tool allows customers to track the status of their packages by entering the tracking number. The vulnerability allowed attackers to access the tracking number and other personal information of customers who had recently used the tool.
What information was exposed?
The personal information that was exposed in the UPS Canada Data Breach includes:
Names
Addresses
Phone numbers
Tracking numbers
Shipping dates
Shipping destinations
What is UPS doing to protect customers?
UPS has said that it has taken the following steps to protect customers:
Secured its website: The vulnerability that allowed the breach has been patched.
Investigated the incident: UPS is working with law enforcement to investigate the incident and to identify the attackers.
Notified customers: UPS has sent letters to customers who may have been affected by the breach.
How can I protect myself from future data breaches?
There are a number of things you can do to protect yourself from future data breaches:
Be careful about what information you share online: Only share your personal information with websites and companies that you trust.
Use strong passwords and change them regularly: A strong password is at least 12 characters long and includes a mix of uppercase and lowercase letters, numbers, and symbols.
Be wary of phishing emails and text messages: These messages often appear to be from legitimate companies, but they are actually from attackers trying to steal your personal information. Do not click on any links in these messages or provide any personal information.
Install security software on your devices and keep it up to date: This will help to protect your devices from malware and other threats.
What can I do if I have questions?
If you have any questions about the UPS Canada Data Breach, you can contact UPS customer service at 1-800-742-5877. You can also visit the UPS website for more information.