X

Staples probes potential theft of customer credit card data

A pattern of payment card fraud suggests that data was stolen from cash registers in the Northeast US, security reporter Brian Krebs reports.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

newsfdhacking270x193.jpg
Staples may be the latest victim in a spate retailer credit card breaches. CNET

Staples said late Monday that it is investigating a "potential issue" involving its customers' credit card data in what could be the latest US retailer to fall victim to a payment card system security breach.

The office supply chain announced it was working with law enforcement officials after security reporter Brian Krebs reported that "multiple banks" had identified patterns of payment card fraud that suggested data had been stolen from several locations in the Northeastern US. The pattern suggests that Staples cash registers in a handful of locations were infected with data-stealing malware similar to that used in other security breaches that allows thieves to create counterfeit cards, Krebs wrote.

"We take the protection of customer information very seriously, and are working to resolve the situation," Mark Cautela told Krebs. "If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis."

Staples did not immediately respond to a request for additional comment.

It wasn't immediately clear how many customers may be affected. The Framingham, Mass.-based chain has more than 1,800 stores nationwide, but Krebs said that it appears the theft is limited to a small subset of stores.

Data-stealing malware has become a popular tool of fraudsters in recent months. Home Depot revealed last month that 56 million customer credit cards were put at risk of theft as a result of a security breach that used custom-built malware to evade detection. A similar method was used late last year to expose the credit card data of 40 million Target customers and the personal information for an additional 70 million customers.

Since the Target hack, there has been an apparent uptick in security breaches at retail locations. Over the past few months, arts and crafts retail chain Michaels Stores, department store Neiman Marcus, and restaurant chain P.F. Chang's all revealed they were victims of security breaches aimed at stealing customers' credit card information.