Banks have identified a string of credit card fraud involved at the one of the largest office supply retailers, Staples Inc. located in Northeastern United States, suggesting the office supply retailer may have suffered a data breach. Staples said the company is investigating “a potential issue” and has contacted law enforcement.
According to Brian Krebs, more than a half-dozen sources in the financial industry operating out of the East Coast have identified the possible Staples breach, making it apparent that hackers were able to breach the systems stealing customers card data from a number of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.
Framingham Massachusetts-based Staples operates more than 1,800 storefronts nationwide, thus far banks have only traced a pattern of fraudulent transactions to a group of cards that were found used at a small number of Staples locations throughout the Northeast part of the United States.
Bank identified the fraudulent transactions at other non-Staples business locations, including supermarkets and big-box retailers. This suggests Staples point-of-sale devices were infected with some form of malware, allowing the hackers to steal payment card numbers and swipe data, allowing thieves to create counterfeit copies of customers cards.
Point-of-Sale malware is common and the most efficient way for attackers to compromise payment card information. When the sale system is infected, any cards swiped, data input or other forms of payment methods, other than cash, are all stolen by the malicious actors. Allowing them to then sell the stolen card data for other fraudsters to abuse.
Staple’s Senior Public Relations Manager, Mark Cautela, confirmed Staples is currently undergoing investigation for a “potential issue involving credit card data and has contacted law enforcement.”
“We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela said. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”
If Staples has suffered a data breach, they can be added to the list of the hundreds of companies that have suffered some form of payment card stealing malware. Federal law enforcement is currently investigating the banks claims at Staples retail locations.