Office Supply Chain Staples May Be Latest Victim Of Credit Card Data Breach

Chuck Bednar for – Your Universe Online
Staples is investigating a potential credit card data breach and has contacted law enforcement officials about the matter, meaning that the US-based office supplies chain could be the latest in a growing list of retailers to be victimized by cybercriminals, various media outlets reported on Tuesday.
According to Reuters, Staples spokesman Mark Cautela released a statement late Monday night confirming that the Framingham, Massachusetts-based company was “in the process of investigating a potential issue involving credit card data,” and that it had contacted law enforcement and was “working to resolve the situation.”
“We take the protection of customer information very seriously… If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis,” he continued. However, the company provided no additional information about the data breach, Reuters added.
While Staples is only now addressing the potential cyberattack, security expert Brian Krebs first brought up the possibility of an data breach in a blog entry dated October 14. In that post, Krebs wrote that multiple banks had reported a pattern of credit and debit card fraud – activity which indicated that multiple Staples locations in the northeastern US were in the process of dealing with a data breach.
“According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey,” he explained.
“The fraudulent charges occurred at other (non-Staples) businesses, such as supermarkets and other big-box retailers,” Krebs added. “This suggests that the cash registers in at least some Staples locations may have fallen victim to card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals.”
As the Associated Press (AP) pointed out, Sears Holding Corp. reported a data breach at its Kmart stores earlier this month – one that dated back to September and may have resulted in the credit and debit cards of customers being compromised. Likewise, Target, Dairy Queen, Supervalu Inc. and Home Depot have also recently experienced such breaches.
With so many American business being targeted by cybercriminals as of late, the US government is calling for more widespread adoption of chip-and-PIN or EMV smart card technology and the replacement of the magnetic strip payment cards at point-of-sale terminals at retailers, according to BBC News.
“With over 100 million Americans falling victim to data breaches over the last year, and millions suffering from credit card fraud and identity crimes, there is a need to act and move our economy toward secure technologies that better secure transactions and safeguard sensitive data,” the Obama administration said in a recent statement.