Brian Krebs, the man who originally reported the Home Depot data breach earlier this year, now believes that Staples has been subjected to a data breach of its own. Krebs says that at least six banks noticed a pattern of debit and credit card fraud in several Staples branches, indicating that card data might have been accessed.
At Krebs on Security, Krebs notes that every card that has been connected to this potential breach was used in one of seven or so stores in the Northeast, so even if Staples has been infiltrated, it looks like the range is relatively limited. Interestingly, the cards were affected by other fraudulent charges as well outside of Staples, which Krebs believes could be a sign that Staples is a victim of cash register malware which allows hackers to make fake copies of credit and debit cards.
When asked about the breach, Staples spokesman Mark Cautela was willing to admit that the company is investigating “potential issue involving credit card data and has contacted law enforcement.”
“We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela told Krebs. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”