The world’s largest office supply retailer Staples has revealed that up to 1.16 million of its clients’ payment cards might have been “affected” by a massive malware attack on the company’s point-of-sales systems.
“Staples’ data security experts detected that criminals deployed malware to some point-of-sale systems at 115 of its more than 1,400 US retail stores,” the company said in a press release.
The investigation which was launched after the discovery of the malware attack in mid-September, revealed that the virus exposed some transaction data, including cardholder names and payment card numbers details.
“At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014. At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014,” the company said.
After detection, Staples claims it has enhanced its security and worked closely with payment card companies and law enforcement on this matter.
Overall, the company believes that approximately 1.16 million payment cards may have been affected, in a breach which was first announced in October. To those affected the company is offering free identity protection services including “credit monitoring, identity theft insurance, and a free credit report.”
The Staples incident is the latest in a row of massive data breaches at large retailers in the US in less than a year. At Home Depot, data for 56 million cards and 53 million e-mail addresses was stolen in November. While in March, Target’s breach resulted in potential theft of 40 million cards and 70 million addresses and other personal information.