Staples on Friday confirmed that some of its stores were hit by hackers this year, who were able to steal up to 1.16 million credit cards and debit cards during various periods of time, with a few locations having been hit as far back as April 2014.
Online publication Krebs on Security, which first reported about this potential attack on Staples in mid October, says that there do not appear to be any links between the similar attacks suffered by Target and Home Depot, both significantly bigger in scope than the Staples breach.
“Based on its investigation, Staples believes that malware may have allowed access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes,” the company said in a statement. “At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014. At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014.”
Additionally, cards connected to four other stores in Manhattan, New York, have been used for fraudulent payments, from April through September 14.
Staples said that it’s offering “free identity protection services, including credit monitoring, identity theft insurance, and a free credit report, to customers who used a payment card at any of the affected stores during the relevant time periods.”
Buyers who might have been affected by the hack should check out the resources at the source section below, including a list of stores that have been hit by hackers.