FRAMINGHAM, Mass. (10/22/14)--Staples Inc. is investigating a possible breach of payment card data, the company announced Monday.
Although the office supply retail giant has 1,800 locations nationwide, it appears fraudsters have stolen data from a subset of Staples locations in Pennsylvania, New York City and New Jersey.
The breach appears to have occurred in a pattern of fraudulent transactions on a group of cards that had previously been used at a small number of Staples locations in the Northeast, according to information security Brian Krebs.
Fraudulent charges occurred at other businesses, such as supermarkets and other big-box retailers, an indication that the cash registers in at least some Staples locations may been infected with card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals, Krebs reported on his KrebsOnSecurity.com blog.
Staples told Krebs it has contacted law enforcement about the matter.
Also on Monday, the FBI reported nearly 519 million financial records have been stolen in the past year, with 439 million stolen in the last six months (USA TODAY Oct. 21). About 35% of the thefts were from website breaches, 22% were from cyber-espionage, 14% occurred at the point of sale when a purchase was made at a retail store, and 9% when someone swiped a credit or debit card, the FBI said.
The Credit Union National Association continues to press national lawmakers to pass legislation that would require merchants to meet the same strict payment data security standards imposed upon financial institutions. Credit unions nationwide saw 4.6 million of their cards compromised as a result of last year's Target breach, leading to about $30.6 million in breach-related costs.
CUNA also is collecting information on the financial and operational impact the Home Depot breach has had on credit unions. Completed surveys from credit unions affected by that breach are due Friday.