Point of Sale Alert: Staples Investigating Potential Data Breach

Readers who’ve recently shopped at a Staples office supply retail location may want to keep an extra close eye on their credit card balance. Late last night, Brian Krebs – an Internet security journalist who has closely followed and reported on point of sale data breaches throughout 2014 – wrote that a number of banks on the United States’ east coast believe that at least some of the retailer’s locations have been infected with point of sale malware. Locations mentioned in the initial report include Pennsylvania, New York City, and New Jersey; however, it is entirely possible that the breach may extend to all 1,800 U.S. based Staples stores. Staples, Inc. has yet to confirm or deny the breach, but a spokesperson has stated that the company is investigating a “potential issue involving credit card data and has contacted law enforcement.”

If confirmed, this latest breach will add to what is already an unprecedented series of point of sale malware attacks affecting U.S. big-box retailers, which began nearly one year ago with Target and peaked most recently with The Home Depot in a breach that affected approximately 56 million payment cards.

Readers who notice any suspicious credit or debit card activity are urged to contact their provider as soon as possible.

In related news, on October 17th U.S. President Obama signed and released an Executive Order in an attempt to remedy the nation’s ongoing POS problem. Accordingly, all U.S. government credit card transactions will make the switch to chip-and-PIN technology starting January 1st, 2015. This will include upgrading payment terminals at all government retail locations, and implementing the chip-and-PIN design on all payment cards issued to government employees. The order has been signed in hopes that the U.S. government will encourage businesses throughout the nation to make the switch as well, and it even makes mention of a number of private sector corporations that have already taken steps to do so, including: American Express, The Home Depot, Target, Visa, Walgreens, and Walmart.

Have a great (breach-free) day!

For initial coverage from Brian Krebs, see Banks: Credit Card Breach at Staples Stores.