Live: Amazon Event Wednesday Probe Crashes Into Asteroid Prime Day 2: Oct. 11-12 Tesla AI Day Hurricane Ian Satellite Images Save on iPad Pro Refurbs Apple Watch Ultra Review EarthLink Internet Review
Want CNET to notify you of price drops and the latest stories?
No, thank you

Staples probes potential theft of customer credit card data

A pattern of payment card fraud suggests that data was stolen from cash registers in the Northeast US, security reporter Brian Krebs reports.

Staples may be the latest victim in a spate retailer credit card breaches. CNET

Staples said late Monday that it is investigating a "potential issue" involving its customers' credit card data in what could be the latest US retailer to fall victim to a payment card system security breach.

The office supply chain announced it was working with law enforcement officials after security reporter Brian Krebs reported that "multiple banks" had identified patterns of payment card fraud that suggested data had been stolen from several locations in the Northeastern US. The pattern suggests that Staples cash registers in a handful of locations were infected with data-stealing malware similar to that used in other security breaches that allows thieves to create counterfeit cards, Krebs wrote.

"We take the protection of customer information very seriously, and are working to resolve the situation," Mark Cautela told Krebs. "If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis."

Staples did not immediately respond to a request for additional comment.

It wasn't immediately clear how many customers may be affected. The Framingham, Mass.-based chain has more than 1,800 stores nationwide, but Krebs said that it appears the theft is limited to a small subset of stores.

Data-stealing malware has become a popular tool of fraudsters in recent months. Home Depot revealed last month that 56 million customer credit cards were put at risk of theft as a result of a security breach that used custom-built malware to evade detection. A similar method was used late last year to expose the credit card data of 40 million Target customers and the personal information for an additional 70 million customers.

Since the Target hack, there has been an apparent uptick in security breaches at retail locations. Over the past few months, arts and crafts retail chain Michaels Stores, department store Neiman Marcus, and restaurant chain P.F. Chang's all revealed they were victims of security breaches aimed at stealing customers' credit card information.