Staples ‘Investigating’ Possible Payment Card Data Breach

Staples has confirmed it has brought in law enforcement authorities to help investigate a possible security breach of its payment card systems, making it the latest major US retailer to be hit by such an attack.

“Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement,” said Staples senior public relations manager Mark Cautela. “We take the protection of customer information very seriously, and are working to resolve the situation.”

Pattern of fraud

Cautela added that Staples customers are not responsible for fraudulent activity on their credit cards that is reported in a timely manner. Staples didn’t offer further details on the matter.

Security blogger Brian Krebs first reported the incident on Monday, citing banking sources on the East Coast.

“It appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey,” he said in a blog post.

The apparent incident follows a cyberattack on retailer Sears earlier this month affecting customers of the company’s Kmart stores. Other recent incidents have affected Dairy Queen, Home Depot, Michaels and Nieman Marcus.

While details of the Staples case are as yet unknown, several recent incidents have involved the infection of point-of-sale terminals by malware, according to Mark Bower, vice president of product management at Voltage Security.

“The only realistic way merchants can foil malware from stealing the mag stripe data is to avoid live card data arriving into the POS,” he stated. Bower said improved encryption could help eliminate such attacks.

Are you a security pro? Try our quiz!