Staples has verified it is looking into a possible data breach following a report cautioned that elevated amounts of payment card fraud had been recently associated with card numbers utilized by consumers who shopped at the office supply store.
“Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement,” Staples Staples spokesperson Mark Cautela informs Info Security Media Group.
The store verified the investigation after security writer Brian Krebs noted that sources at six East Coast banks saw an increase in card-related fraud that appeared to match with cards which were used by shoppers at 11 Staples locations across New Jersey, New York City and Pennsylvania.
The fraudulent purchases had been apparently made in non-Staples locations, which implies that criminals might have used point-of-sale malware to harvest the credit card numbers, after which either developed and used fake cards using the stolen data, or maybe used the info to make counterfeit buys online.
Staples has in excess of 2,000 stores in 26 countries, which includes 1,800 throughout the United States and Canada.
“We take the protection of customer information very seriously and are working to resolve the situation,” company spokesman Cautela says. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”
Cautela rejected to comment further around the information on the possible breach and related investigation, including whether or not POS malware was believed to be the culprit.