UPS found that between February 2022 and April 2023, the perpetrators of a persistent SMS phishing campaign used its package look-up capabilities to obtain access to delivery information, including the recipients' personal contact information.
The company has now put protections in place to limit access to this sensitive data in order to combat these sophisticated phishing attacks.
The recipient's name, the address to which the box was being shipped, and possibly the phone number and order number were all available through the parcel look-up facilities.
In order to maintain transparency and raise awareness of the issue, UPS will notify people whose information may have been compromised.
Source: https://heimdalsecurity.com/blog/ups-discloses-data-breach-caused-by-an-sms-phishing-campaign/
TPRM report: https://scoringcyber.rankiteo.com/company/ups
"id": "ups134025623",
"linkid": "ups",
"type": "Data Leak",
"date": "02/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Logistics and Delivery',
                        'name': 'UPS',
                        'type': 'Organization'}],
 'attack_vector': 'SMS Phishing',
 'data_breach': {'personally_identifiable_information': ["Recipient's name",
                                                         'Shipping address',
                                                         'Phone number'],
                 'type_of_data_compromised': ['Personal contact information',
                                              'Delivery information']},
 'date_detected': 'February 2022',
 'description': 'UPS discovered that between February 2022 and April 2023, '
                'attackers used its package look-up capabilities to access '
                "delivery information, including recipients' personal contact "
                'information.',
 'impact': {'data_compromised': ["Recipient's name",
                                 'Shipping address',
                                 'Phone number',
                                 'Order number']},
 'initial_access_broker': {'entry_point': 'Package look-up capabilities'},
 'motivation': 'Data Theft',
 'response': {'communication_strategy': ['Notify affected individuals'],
              'remediation_measures': ['Put protections in place to limit '
                                       'access to sensitive data']},
 'title': 'UPS Data Breach via SMS Phishing Campaign',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Package look-up capabilities'}