Staples says security breach may have affected 1.16 million cards

Staples says security breach may have affected 1.16 million cards

A Staples truck delivers office supplies in San Diego, California September 24, 2013.

Credit: Reuters/Mike Blake

(Reuters) – Office-supply retailer Staples Inc (SPLS.O) said about 1.16 million payment cards might have been affected by the data breach announced in October.

An investigation by external data security experts showed that criminals deployed malware to some point-of-sales systems at 115 U.S. stores, Staples said.

The company said it has since eradicated the malware.

Staples, which has more than 1,400 stores in the country, said the malware might have allowed access to some transaction data, including cardholder names, payment card numbers, expiration dates, and card verification codes.

At 113 stores, the malware may have allowed access to data for purchases from Aug. 10 through Sept. 16. At two stores, the access may have been for purchases from July 20 through Sept. 16.

The investigation also reported some fraudulent payment card usage related to four Manhattan stores, but those did not have malware.

Staples became the latest U.S. retailer to combat security data breaches after Sears Holdings Corp (SHLD.O) said in October it was the victim of a cyberattack that likely resulted in the theft of some customer payment cards at its Kmart stores.

Shares of Staples have jumped 40.85 percent since Oct. 21, when the company announced the investigation.

(Reporting By Yashaswini Swamynathan in Bengaluru; Editing by Joyjeet Das)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.