UPS Stores, a subsidiary of UPS, said that a security breach may have led to the theft of customer credit and debit data at 51 UPS franchises in the United States.

Chelsea Lee, a UPS spokeswoman, said the company began investigating its systems for indications of a security breach on July 31 the day The New York Times reported that the Department of Homeland Security and the Secret Service would be issuing a bulletin warning retailers that hackers had been scanning networks for remote access capabilities, then installing so-called malware that was undetectable by antivirus products.

UPS hired an information security firm and discovered that the malware was  on its in-store cash register systems at 51 of its locations in 24 states, roughly 1  percent of UPS’s 4,470 franchises throughout the United States, reports The New York Times.

In a statement, the company said that customers who had used their debit or credit cards at affected locations, which are listed on the UPS website, from  Jan. 20 to Aug. 11, 2014 may have been exposed to the malware, though it said exposure began after March 26 in most cases. UPS said it had eliminated the malware as of Aug. 11.

UPS said it would offer one year of free identity protection and credit monitoring services to any customer who had used a credit or debit card at any of its affected store locations. 

Read more: www.newyorktimes.com