Staples probes potential theft of customer credit card data

newsfdhacking270x193.jpg
Staples may be the latest victim in a spate retailer credit card breaches.
CNET

Staples said late Monday that it is investigating a “potential issue” involving its customers’ credit card data in what could be the latest US retailer to fall victim to a payment card system security breach.

The office supply chain announced it was working with law enforcement officials after security reporter Brian Krebs reported that “multiple banks” had identified patterns of payment card fraud that suggested data had been stolen from several locations in the Northeastern US. The pattern suggests that Staples cash registers in a handful of locations were infected with data-stealing malware similar to that used in other security breaches that allows thieves to create counterfeit cards, Krebs wrote.

“We take the protection of customer information very seriously, and are working to resolve the situation,” Mark Cautela told Krebs. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”

Staples did not immediately respond to a request for additional comment.

It wasn’t immediately clear how many customers may be affected. The Framingham, Mass.-based chain has more than 1,800 stores nationwide, but Krebs said that it appears the theft is limited to a small subset of stores.

Data-stealing malware has become a popular tool of fraudsters in recent months. Home Depot revealed last month that 56 million customer credit cards were put at risk of theft as a result of a security breach that used custom-built malware to evade detection. A similar method was used late last year to expose the credit card data of 40 million Target customers and the personal information for an additional 70 million customers.

Since the Target hack, there has been an apparent uptick in security breaches at retail locations. Over the past few months, arts and crafts retail chain Michaels Stores, department store Neiman Marcus, and restaurant chain P.F. Chang’s all revealed they were victims of security breaches aimed at stealing customers’ credit card information.

Check Also

Sony threatens to sue Twitter over tweets with hacked emails

Sony Pictures is going after Twitter to kill tweets that contain embarrassing emails obtained in a massive hack. AFP/Getty Images Seeking to stem the spread of company secrets, Sony Pictures has threatened to sue Twitter if it does not ban accounts that tweet information allegedly leaked in the studio’s massive security breach. The threat was …

Leave a Reply