"UPS Discloses Data Breach After Exposed Customer Info Used in SMS Phishing"

Global shipping giant UPS recently confirmed it had experienced a data breach that may have exposed some customer data.  UPS confirmed that the attacker abused its package lookup tool to obtain delivery information.  The SMS phishing scam reported to UPS uses victims’ phone numbers to demand payment for a package ahead of delivery.  It is believed that details, including recipient names, shipment addresses, and “potentially phone numbers and order numbers,” were obtained between February 1, 2022, and April 24, 2023, over a period spanning more than a year.  UPS stated that it is aware of reports relating to an SMS phishing (“Smishing”) scheme focused on certain shippers and some of their customers in Canada.  Out of an abundance of caution, UPS is sending privacy incident notification letters to individuals in Canada whose information may have been impacted. 

TechRadar Pro reports: "UPS Discloses Data Breach After Exposed Customer Info Used in SMS Phishing"