Banks: Credit Card Breach at Staples Stores

  • 21 October 2014
  • 5 replies

Userlevel 7
 Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.
 
   http://krebsonsecurity.com/2014/10/banks-credit-card-breach-at-staples-stores/


Userlevel 7
  Indications that cash registers at several Staples stores in Pennsylvania, New York and New Jersey have been compromised with card-stealing malware came in the form of fraudulent charges - the attackers apparently used the stolen information to clone payment cards and used them at other retailers and supermarkets.
 
  http://www.net-security.org/secworld.php?id=17518
Userlevel 7
Here's some more information on this developing story.
 


 
(Source: Forbes) 
 
According to Forbes (as well as the Krebs piece), Staples confirmed that it is investigating the potential breach, but didn't offer much more than the following brief statement from Staples Senior Public Relations Manager Mark Cautela: 
 
“Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement...We take the protection of customer information very seriously, and are working to resolve the situation. If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”
 
I'm sure we'll see updates to this news continue to roll in as more information is discovered. For now, you can read the aforementioned Forbes article by following the link above. 
Userlevel 7
I think you are right... we are likely to hear a lot more about this in the coming days as Staples determines just how large the breach was.
 
One nice breath of fresh air here though... Staples is being overall pretty open during the process of investigating the breach... a lot different than another recent breach in which the company was advised of a possible problem in July, and yet did not get the problem really identified, nor provide any information to the public at all, until late September or October.  (I cannot recall which company it was offhand, but it was well reported in the Community if anyone wants to take the time to search for it.)
Userlevel 7
@ wrote:
I think you are right... we are likely to hear a lot more about this in the coming days as Staples determines just how large the breach was.
 
One nice breath of fresh air here though... Staples is being overall pretty open during the process of investigating the breach... a lot different than another recent breach in which the company was advised of a possible problem in July, and yet did not get the problem really identified, nor provide any information to the public at all, until late September or October.  (I cannot recall which company it was offhand, but it was well reported in the Community if anyone wants to take the time to search for it.)
Well if they are being it means they have their heads screwed on right. Customers obviously hate having their accounts hacked into via these businesses BUT I would imagine that a large percentage are more forgiving if the business in question is completely open with them about the state of affairs.
There have been several breaches recently @ , KMart, Dairy Queen, JP Morgan, they are the first to come to mind.
Userlevel 7
The following is an update:
(Staples Confirms 1.2 Million Cards Lost in Breach)
by Michael Mimoso
 
 
Retailer Staples has confirmed that point-of-sale malware had been used at 115 of its retail locations in the United States and criminals were able to access 1.16 million payment card numbers during a six-month-long intrusion.
Staples said it removed the malware in September from the affected locations, but the more than one million customers affected have had card data, including cardholder names, payment card numbers, expiration dates and card verification code exposed.
 
“At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014,” Staples said in a statement. “At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014.”
 