Overall, the company believes that approximately 1.16 million payment cards may have been affected. Upon detection, Staples immediately took action to eradicate the malware and to boost its security. Staples also retained outside data security experts to investigate the incident and has worked closely with payment card companies and law enforcement on this matter.
Based on its investigation, Staples believes that malware may have allowed access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes. At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014. At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014.
During the investigation Staples also received reports of fraudulent payment card use related to four stores in Manhattan, New York at various times from April through September 2014.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now