The paper "Data Breach at the United Parcel Service" is an outstanding example of a business case study. Most businesses are embracing modern technology as a mean of easing organizational activities. However, with the advancement in technology, several cases associated with hacking activities have been on the rise reflecting increment in the number of organization liabilities. Both the government corporations and private entities are at the risk of facing these unprecedented cyber-attacks and threats especially if the outlined security measures are weak. The cost of data breaches is on the rise around the globe as sophisticated thieves target valuable financial records.
Direct costs associated with a data breach include loss of customer loyalty, cost of hiring experts to help fix the breach, investigation of the cause, setting up hotlines for the customers, and offering monitoring plans for the credit and debit cards of the loyal clients (Wang, 2007). Nevertheless, most business entities often enforce poor communication methods among different departments and clients. With poor communication, controlling data breaches might be a greater challenge and could lead to losses of greater magnitude. Background of the United Parcel Service (UPS) Considered as the world’ s largest package delivery organization and a major provider of supply chain management, UPS has its headquarter in Sandy Springs, Georgia.
The company delivers more than 15 million packages to about 6.1 million customers in a day within the 220 countries that it operates. In addition, most clients identify the company as “ Brown” due to its brown delivery trucks. Besides the delivery roles, the company also operates its own airline and cargo delivery service based in Louisville, Kentucky. Considering its scope of operation, the company deals with numerous information of which some of them are very confidential.
As a result, there is a need to ensure adequate security measures on the database to prevent infringement into confidential information about the customers. Data breach in the company United Parcel Service Inc. data breach in its 51 stores, which might have affected more than 105,000 transactions of the customers between January and August. The breach mainly occurred in the computer systems found in the retail store outlets. In addition, the incident exposed personal information about the customers and payment data.
With the rising technology, there is a need to put in place security measures that monitor the malware activities. The company found the malware programme in all the 51 stores found the 24 states where it operates. Although the company had the number of affected transactions, it was not able to account for the number of customers affected by the incident (Kendrick, 2010). Furthermore, the management cited that the breach was limited considering the fact that the company does not manage all the networks of the franchised business. The major activities that increased the level of susceptibility of the people are using credit and debit cards in the affected retail centers from January 20 through August 11.
In most outlets, exposure to the malware began after March 26 and it took the company almost six months to eliminate the malicious programme. The information about the customers that were revealed includes the email addresses, payment card information, and their names. More importantly, to note is that the malware found itself in the electronic cash registers of the company. In most security breaches, the criminals often scan the network of the retailers for software tools, which let the employees, and other vendors access the system remotely.
Upon finding the tool within the system, the hackers search for the vulnerabilities or the credentials of the users to log into the system as the administrators. While in the system, reports indicate that the criminals were able to find their way into the point-of-sale (POS) system and implanted the malicious programme that they designed to capture the data when the customers were swiping their cards.
Additionally, reports from the analysis of the KrebsOnSecurity indicate the hackers chose the company due to its retail nature. It is easier to target the retails due to the distributed nature of the remote stores and franchises, and the accessibility requirement across the globe to the backed-up systems. In relation to the attack, the company received bulletins on July 31 from the United States Department of Homeland Security (Griffin, Ji, & Martin, 2003). Reports from the management indicate that it took longer periods for the company to note the malware since the current anti-virus used had no ability to identify the malicious programme.
Since the data associated with credit and debit cards often remain in the plain text until its arrival at the payment processor, the most obvious precaution that companies accepting these cards should focus on is to encrypt the information immediate the card is swiped. Experts also indicate that it is important to leave the decryption key with the processors upon effecting the payment.
Alexander, D. C. (2004). Business confronts terrorism: Risks and responses. Madison: University of Wisconsin Press/Terrace Books.
Calder, A. (2005). A business guide to information security: How to protect your company's IT assets, reduce risks and understand the law. London: Kogan Page.
Choate, P. (2008). Dangerous business: The risks of globalization for America. New York: Alfred A. Knopf.
Gomzin, S. (2014). Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions. Indianapolis, IA: Wiley.
Griffin, J. M., Ji, X., & Martin, J. S. (2003). Momentum Investing and Business Cycle Risk: Evidence from Pole to Pole. Journal of Finance, 12(3), 101-114.
Kendrick, R. (2010). Cyber Risks for Business Professionals: A Management Guide. Ely: IT Governance Pub.
Sampson, K. L. (2002). Value-added records management: Protecting corporate assets, reducing business risks. Westport, CT: Quorum Books.
Wang, A. (2007). Priming, Framing, and Position on Corporate Social Responsibility. Journal of Public Relations Research, 7(3), 88-112.