Over 1 Million Credit Cards Exposed In Staples Hack
The popular office supplies store, Staples, was recently hacked. The story first broke when security specialist Brian Krebs found evidence of fraudulent transactions linked to credit and debit cards used to buy goods at Staples in the Northeastern section of the United States. Since his discovery, the scope of the attack has widened to Staples stores across the country.
The credit card data of customers who shopped at 115 Staples stores from Connecticut to California is now in the hands of malicious hackers. In total, the data breach will affect around 1.16 million Staples customers.
Cyber thieves developed a malware to infiltrate Staples stores in 35 states. They accessed the stores’ point of sale systems to steal sensitive customer data. Although 115 Staples locations were violated, it is worth noting that the chain has more than 1,400 locations in the United States. So the damage is bad but it could have been significantly worse.
Staples’ in-house digital security team removed the malware in mid-September. It took until October for the retailer to confirm the data breach. The retailer states that it has since bolstered its security measures with up to date encryption tools. The computer hackers‘ malware stole credit card data as well as debit card information, customer names, payment card numbers, card verification codes and card expiration dates.
Unfortunately, the hackers collected data on purchases made across a fairly lengthy time span that began on August 10 and extended all the way to September 16. Staples has admitted that this time period might not be accurate for two of its stores. A more reasonable time period of exposure for those two stores is July 20 to September 16, 2014. Customers who shopped at Staples stores in this time period have scrambled to determine if hackers have used their personal information to fraudulently purchase goods and services from other businesses.
Staples is proactively combating this terrible news by offering special services to the affected customers. The retailer is providing no cost identity protection services, a free credit report, identity theft insurance and credit monitoring to customers who used payment cards at the affected stores during the time periods specified above.
This latest hack is just one of many in a long line of data breaches suffered by retailers in 2014. Security industry experts predict that there will be a massive rollout of new protective technologies over the course of the next few years. Chips have been added to payment cards in many countries but the US hasn’t fully hopped on board with this preventative measure.