cyber Breach

UPS

Jul 9, 2023 1 min read
UPS

UPS found that between February 2022 and April 2023, the perpetrators of the persistent SMS phishing campaign used its package look-up capabilities to obtain access to delivery information, including the recipients' personal contact information.

The company has now put protections in place to limit access to this sensitive data in order to combat these sophisticated phishing attacks.

The recipient's name, the address to which the box was being shipped, and possibly the phone number and order number were all available information through the parcel look-up facilities.

In order to maintain transparency and raise awareness of the issue, UPS will notify people whose information may have been compromised.

Source: https://heimdalsecurity.com/blog/ups-discloses-data-breach-caused-by-an-sms-phishing-campaign/

TPRM report: https://scoringcyber.rankiteo.com/company/ups

"id": "ups134325623",
"linkid": "ups",
"type": "Data Leak",
"date": "04/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Logistics',
                        'name': 'UPS',
                        'type': 'Organization'}],
 'attack_vector': 'SMS phishing',
 'customer_advisories': ['Notify people whose information may have been '
                         'compromised'],
 'data_breach': {'personally_identifiable_information': ["Recipient's name",
                                                         'Shipping address',
                                                         'Phone number',
                                                         'Order number'],
                 'type_of_data_compromised': ['Personal contact information']},
 'description': 'Between February 2022 and April 2023, perpetrators of a '
                "persistent SMS phishing campaign used UPS's package look-up "
                'capabilities to obtain access to delivery information, '
                "including recipients' personal contact information.",
 'impact': {'data_compromised': ["Recipient's name",
                                 'Shipping address',
                                 'Phone number',
                                 'Order number']},
 'motivation': 'Data theft',
 'response': {'communication_strategy': ['Notify people whose information may '
                                         'have been compromised'],
              'remediation_measures': ['Put protections in place to limit '
                                       'access to sensitive data']},
 'title': 'UPS SMS Phishing Campaign Data Breach',
 'type': 'Phishing',
 'vulnerability_exploited': 'Package look-up capabilities'}
Published by
Roshni Ray
Roshni Ray
You might also like
Ransomware cyber

VMware

public 2 min read
Scattered Spider, a cybercriminal group, has recently targeted VMware ESXi hypervisors, encrypting entire virtual machine infrastructures using DragonForce ransomware. This…
Jeremy C Jeremy C
Vulnerability cyber

BeyondTrust

public 1 min read
A significant security vulnerability, designated as CVE-2025-2297, has been discovered in BeyondTrust’s Privilege Management for Windows solution. This vulnerability…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.