Staples said late Monday that it is investigating a "potential issue" involving its customers' credit card data in what could be the latest US retailer to fall victim to a payment card system security breach.
The office supply chain announced it was working with law enforcement officials after security reporter Brian Krebs reported that "multiple banks" had identified patterns of payment card fraud that suggested data had been stolen from several locations in the Northeastern US. The pattern suggests that Staples cash registers in a handful of locations were infected with data-stealing malware similar to that used in other security breaches that allows thieves to create counterfeit cards, Krebs wrote.
"We take the protection of customer information very seriously, and are working to resolve the situation," Mark Cautela told Krebs. "If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis."
Staples did not immediately respond to a request for additional comment.
It wasn't immediately clear how many customers may be affected. The Framingham, Mass.-based chain has more than 1,800 stores nationwide, but Krebs said that it appears the theft is limited to a small subset of stores.
Data-stealing malware has become a popular tool of fraudsters in recent months. Home Depot revealed last month thatas a result of a security breach that used custom-built malware to evade detection. A similar method was used late last year to and the personal information for an additional 70 million customers.
Since the Target hack, there has been an apparent uptick in security breaches at retail locations. Over the past few months, arts and crafts retail chain, department store , and restaurant chain all revealed they were victims of security breaches aimed at stealing customers' credit card information.