Staples Hack Involved 1.16 Million Payment Cards

Register now

Staples says a malware hack may have lifted 1.16 million payment cards from point of sale systems at 115 of its roughly 1,400 U.S. retail stores. The hackers may have lifted cardholder names, card numbers, experation dates and experation codes.

Staples detected and eliminated the malware in mid-September 2014. The company also hired third-party data security experts to investigate the incident and has worked closely with payment card companies and law enforcement on this matter, according to a statement from the retailer today.

See Also: Top 10 Security Incidents of 2014

Staples believes the malware was present in 113 stores from Aug. 10 through Sept. 16, 2014. An additional two stores were infected from July 20 though Sept. 16, 2014.  Staples is offering free identity protection services, including credit monitoring, identity theft insurance, and a free credit report, to customers who used a payment card at any of the affected stores during the relevant time periods, the company said.

Staples' statement arrives as U.S. businesses and the U.S. government struggle to address the new cyber threat landscape. Security industry CEOs have warned for several years that hackers will ultimately move from retail systems to infrastructure -- attacking transportation, financial, power and energy systems.

A cyber attack on a German iron plant, for instance, has damaged IT systems and the physical infrastructure they control, The Wall Street Journal reported

Businesses across a range of industries are taking new steps to protect their systems. In retail, for instance, Home Depot and other players have been shifting their point of sale systems to encryption technology. And a growing number of retailers and banks have embraced Apple Pay and other digital wallet technology that supports encryption.

Still, cyber breaches seem to be accelerating as hackers exploit an increasingly connected world, and government agencies struggle to deliver new policies and procedures to mitigate -- or counter -- state-sponsored and rogue attacks.

For reprint and licensing requests for this article, click here.