Staples Inc. said Friday that a data security breach discovered in October may have exposed information on about 1.16 million payment cards. Hackers deployed malware to some point-of-sale systems in 115 of the office supply company's 1,400 stores. Staples said it has since eradicated the malware and hired outside experts to investigate. “Based on its investigation, Staples believes that malware may have allowed access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes,” the company said in a statement.
Staples said it received reports of fraudulent payment card use at four stores in Manhattan from April through September. However, the investigation found no malware or suspicious activity related to the payment systems at those stores, Staples said. You can find a list of affected stores and dates here. The company is offering free identity protection services — including credit monitoring, identity theft insurance a free credit report — to customers who might be at risk.
IN-DEPTH
- Online or at Store Registers, Shoppers Worry About Hacks
- Staples Investigating Possible Payment Card Data Breach