On October 21 we reported a suspected payment card data breach at office supply store Staples. Staples has now confirmed that a breach did indeed take place earlier this year as a result of a point-of-sale (POS) malware attack.
A Staples spokesperson said:
“We are continuing to investigate a data security incident involving an intrusion into some of our retail point-of-sale and computer systems. We believe we have eradicated the malware used in the intrusion and have taken steps to further enhance the security of our network. “
Staples is yet to announce how many stores were affected by this attack, but security blogger Brian Krebs has said that sources close to the investigation believe the attack impacted roughly 100 stores.
The same sources have also suggested that the attack on Staples was “powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores”.
Staples has said that it is working with law enforcement agencies and is investigating whether any retail transaction data was compromised.
Black Friday is fast approaching and I wouldn’t be surprised if cyber criminals have already begun to attack other large retailers.
Subscribe to our hacks and breaches updates
[email-subscribers namefield=”YES” desc=”” group=”databreachupdates”]