Shipping provider UPS has revealed sensitive customer details were exposed after malware was discovered on the computer systems of 51 of its US stores.
The company and an unnamed IT security firm opted to investigate whether it had been affected by a malware-based intrusion after receiving a bulletin from the US government warning retailers that hackers had been remotely accessing systems of retailers to install malware that was unable to be detected by antivirus software.
UPS discovered 51 of its stores had been affected between January 20 and August 11 this year, with the majority infected after March 26.
The 51 locations comprise around one percent of UPS' US locations. Each UPS store is franchised and runs its own IT systems that aren't connected to other franchises.
The malware was completely removed by August 11, the company said.
Customers' names, addresses, email addresses and payment card information were compromised, UPS said, but it had not yet uncovered any fraud.
Around 105,000 customer transactions were affected as a result of the infection.
"As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue," UPS store president Tim Davis said in a statement.