Staples may have been the latest victim in a series of cyber attacks on American retailers. Target was the center of a major breach last year, as was Neiman Marcus, and Home Depot made headlines last month when 56 million payment cards were compromised. Staples so far haven’t confirmed whether or not such an attack took place, but the company admitted that it’s digging into its systems to find out.
“Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement,” the company said earlier this week. “We take the protection of customer information very seriously, and are working to resolve the situation.”
The company issued its statement after Krebs on Security, a security researcher who has broken news on previous breaches, heard from banks that investigations were ongoing. Krebs said that credit card “fraudsters” might have compromised data in “seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.” Krebs said he suggests that the credit card machines in Staples locations may have been infected with malware capable of providing payment data to the attackers.
Staples said it would not hold customers who may be affected by the breach responsible for any charges, so long as the charges are reported in a “timely basis.”