CNET también está disponible en español.

Ir a español

Don't show this again

Security

Staples: Hack may have affected more than a million payment cards

The office supply chain says a breach that took place earlier this year gave attackers access to cardholder names, card numbers, expiration dates and card verification codes.


Staples joins Target, Home Depot and a host of other retailers that have become victims of hacking attacks. CNET

Office supply chain Staples said Friday that a hack attack on some of its retail outlets earlier this year may have affected 1.16 million payment cards used by customers, giving attackers access to cardholder names, card numbers, expiration dates and card verification codes.

It's the latest news of an attack involving hackers placing malware, or malicious software, on point-of-sale systems. In September, home-improvement chain Home Depot said 56 million credit cards had been put at risk by such an attack. Prior to that, at the end of 2013, Target was attacked in a similar breach the chain estimated could have affected a third of the US population. Art-supply chain Michaels Stores, department store Neiman Marcus and restaurant chain P.F. Chang's have also been victims of data breaches.

Staples said the malware attack spanned the country, affecting 115 of its more than 1,400 US stores from New York to California and that it involved purchases made from late July through mid-September. Another four stores, in Manhattan, may have seen fraudulent payment card use from April through September, though no malware was detected at those outlets.

The company is offering free identity protection services -- including credit monitoring, identity theft insurance and a free credit report -- to customers who used their cards at the affected stores during the specific time periods. The company released a complete list of stores and dates, which is available online (PDF).

Staples had said in October that it was investigating a

"Typically, customers are not responsible for any fraudulent charges on their credit cards that are reported in a timely fashion," the company said in a statement Friday. "Staples customers who shopped at the affected stores during the relevant time periods should review their account statements and notify their card issuers of any suspicious activity."