Hackers Obtain Personal Data From 1.16Mln Payment Cards: Staples Inc.

MOSCOW, December 20 (Sputnik), Ekaterina Blinova — Staples Inc. has admitted that hackers allegedly stole personal information from almost 1.16 million payment cards earlier this year, using malicious software to breach into their point-of-sale system.

"Staples didn't identify the attackers but said the malware got into its point-of-sale systems, which include the cash registers and terminals that handle credit card and debit card transactions. The company said it believes the hackers may have got access to shoppers’ names, card numbers, expiration dates and card verification codes," the Wall Street Journal reported.

Almost 115 stores of the supply chain were infected by the malware and perpetrators gained access to customers’ data from August 10 through September 16, 2014. Staples announced that it was also informed of fraudulent payment card use in four stores in Manhattan, New York, from April through September 2014, although the POS systems of the stores had not been infected.

It should be noted that the incident has become one more case in a string of "high-profile" cyber attacks on the American biggest supply chains: for instance, a data theft at Home Depot Inc. affected almost 56 million card identities, while a year ago perpetrators obtained information from 40 million cards due to the breach into Target Corp.'s systems.

The Wall Street Journal notes that the list of hacked retailers also includes Neiman Marcus Group, restaurant chain P.F. Chang's China Bistro Inc., and Goodwill Industries International Inc. stores.

According to Staples Inc.'s official statement, the company "is offering free identity protection services, including credit monitoring, identity theft insurance, and a free credit report," to those who used credit cards in affected stores of the chain.

"Typically, customers are not responsible for any fraudulent charges on their credit cards that are reported in a timely fashion," the statement says.

Assuring customers that the company is "committed to protecting customer data," Staples informs it has improved the security of its point-of-sale systems.