News Stay informed about the latest enterprise technology news and product updates.

Staples data breach update: 1.16 million cards, 1,400 stores affected

An update from the office-supply giant shows that 1.16 million cards and point-of-sale systems at more than 1,400 stores may have been affected.

FROM THE ESSENTIAL GUIDE:

Understanding and responding to POS malware

GUIDE SECTIONS

  1. Warnings
  2. Nature
  3. Defense
  4. Glossary
+ Show More

Office-supply chain retailer Staples Inc. today shed further light on its recent data breach, with new details...

indicating it was far worse than initial reports.

Originally uncovered in October when veteran security journalist Brian Krebs revealed a breach had likely taken place, the Staples data breach was originally linked only to fraudulent transactions made with cards stolen from the company's locations in New York, Pennsylvania and New Jersey. Staples had failed to provide any clarification in its latest 10-Q filing to the U.S. Securities and Exchange Commission in November.

On Friday the company has provided an update that estimates approximately 1.16 million payment card numbers may have been affected, as well as other transaction data including cardholder names, expiration dates and verification codes. Staples also confirmed that point-of-sale malware may have infected 115 systems at more than 1,400 of its 1,800 plus U.S. stores from July 20 until Sept. 16, when the company, based in Framingham, Mass., said it began the process of eliminating the malware.

Staples denied that it found any malware activity on its systems predating July 20, though the firm received reports that fraudulent payments were made with customers' cards used at four Manhattan locations dating back to April. Still, the company will offer credit monitoring, credit reports and other measures to customers that used payment cards in stores dating back to that period.

Staples provided a full list of the stores believed to have been compromised by the malware.

"Staples is committed to protecting customer data and regrets any inconvenience caused by this incident," the company wrote in its statement. "Staples has taken steps to enhance the security of its point-of-sale systems, including the use of new encryption tools."

Next Steps

RAM scraping point-of-sale malware has already been the subject of several U.S. government warnings to businesses this year, and the Backoff malware was speculated to have infected more than 1,000 businesses. Learn how whitelisting technology may be able to help your company defeat POS malware infections.

PRO+

Content

Find more PRO+ content and other member only offers, here.

Essential Guide

Understanding and responding to POS malware

GUIDE SECTIONS

  1. Warnings
  2. Nature
  3. Defense
  4. Glossary

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

The most difficult thing about this, from a consumer standpoint, is that we now need to change cards, passwords and other info again. It's getting to the point that the convenience of using credit and debit cards isn't really convenient. Either the government has to step in and levy fines and punishments to organizations that allow this to happen because of outdated systems and poorly trained personnel, or we go back to using pieces of gold to buy stuff.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close