Phishing Campaign Accessed Data for 15 Months at Multinational Shipping Company UPS

October 2, 2023

INCIDENT

Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks. "UPS is aware that some package recipients have received fraudulent text messages demanding payment before a package can be delivered," UPS said in a letter shared by Emsisoft threat analyst Brett Callow.

Following an internal review, UPS found that the attackers behind this ongoing SMS phishing campaign were using its package look-up tools to access delivery details, including the recipients' personal contact information, between February 2022 and April 2023.

Incident Date

April 15, 2023

Location

United States

Estimated Cost

No cost values disclosed.

Victims

Type of Malware

No Malware identified

Threat Source

No threat source identified

References

UPS discloses data breach after exposed customer info used in SMS phishing

Industries

Transportation (Includes Logistics, Shipping, Maritime, Rail, Trucking)