Staples: Customer data exposed in security breach

In this May 17, 2011 file photo, a Staples sign is displayed on the front of a Staple store, in Portland, Ore. Staples says it will shutter 225 North American stores, about 10 percent of Staples Inc.'s worldwide total of 2,200, by the end of 2015, and the office-supply retailer has started a plan to save about $500 million annually. (AP Photo/Rick Bowmer, File)

PORTLAND, Ore. (AP) — Staples Inc. says nearly 1.2 million customer payment cards may have been exposed during a security breach earlier this year.

The office supply retailer announced in October that it was looking into a potential credit card breach, adding to a long list of retailers recently hit by cyberattacks.

Staples said Friday that an investigation shows that the criminals used malware that may have allowed access to information for transactions at 115 of its U.S. stores, which total more than 1,400. That includes cardholder names, payment card numbers, expiration dates and card verification codes.

The Framingham, Massachusetts-based company is offering free identity protection services — including credit monitoring, identity theft insurance a free credit report — to customers who might be at risk.

The security breach affected different stores at different times between July and September.

Staples said that it has also received reports of fraudulent card use tied to four of its New York stores between April and September. While it found no evidence of malware at those stores, it is also offering the protection services to customers there as well.

A number of retailers have suffered security breaches in recent memory.

During last year’s holiday shopping season, Target Corp. disclosed that it was hit with an attack that exposed details of as many as 40 million credit and debit card accounts. Home Depot announced in September that a data breach affected 56 million debit and credit cards, and later said hackers also stole 53 million email addresses. And the cyberattack on Sony Pictures Entertainment that came into the spotlight this week has put a number of companies on high alert to attend to the security of their own networks.

24-Hour News 8 discovered three Indiana stores are included in the breach stores:

  • 431 E. Clifty Dr. Madison, Ind. 47250 August 10, 2014 – September 16, 2014
  • 2630 S. Western Ave. Marion, Ind. 46953 August 10, 2014 – September 16, 2014
  • 1710 East Tipton Seymour, Ind. 47274 August 10, 2014 – September 16, 2014

WISHTV.com provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others and keep the conversation on topic and civil. If you see an inappropriate comment, please flag it for our moderators to review.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s