The world’s largest office supply retailer Staples has revealed that up to 1.16 million of its clients’ payment cards might have been “affected” by a massive malware attack on the company’s point-of-sales systems.
“Staples’ data security experts detected that criminals deployed malware to some point-of-sale systems at 115 of its more than 1,400 US retail stores,” the company said in a press release.
The investigation which was launched after the discovery of the malware attack in mid-September, revealed that the virus exposed some transaction data, including cardholder names and payment card numbers details.
“At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014. At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014,” the company said.
After detection, Staples claims it has enhanced its security and worked closely with payment card companies and law enforcement on this matter.
Overall, the company believes that approximately 1.16 million payment cards may have been affected, in a breach which was first announced in October. To those affected the company is offering free identity protection services including “credit monitoring, identity theft insurance, and a free credit report.”
The Staples incident is the latest in a row of massive data breaches at large retailers in the US in less than a year. At Home Depot, data for 56 million cards and 53 million e-mail addresses was stolen in November. While in March, Target’s breach resulted in potential theft of 40 million cards and 70 million addresses and other personal information.
You know, after Target got hit with the credit card breach, I said “Watch them slowly continue to do it with other stores until all stores are breached and no card is safe”. Sure enough, that’s what they are doing. I guess they want to keep doing it so the people will cry for more government control on cards (insert biometric chip and fingerprint and iris scan here) rather than just catch the criminals doing it or hold those responsible for it. Of course that would be too easy and then they wouldn’t have an excuse to further implement measures to control people. Problem reaction solution as always.