Staples Acknowledges Summer Data Breach Compromised 1.16 Million Cards
Dec. 22, 2014
On Friday, nearly two months after office supply retailing giant Staples responded to rumors of a possible data breach by launching an investigation, the Framingham, Mass.-based company acknowledged the intrusion. In a statement, Staples said malware installed on POS systems at 115 of its 1,400 U.S. stores has exposed the payment card information of 1.16 million customers. The company said the breach, in most cases, affected customers who shopped at the stores from Aug. 10, 2014 through Sept. 16, 2014.
The statement indicated that the data compromised in the breach likely included cardholder names, payment card numbers, expiration dates and CVV codes. As has become customary in events of this nature, Staples has responded by “offering free identity protection services, including credit monitoring, identity theft insurance, and a free credit report, to customers who used a payment card at any of the affected stores during the relevant time periods.”
The company published a list of the affected stores and the dates customers at each of those stores was vulnerable.