Staples could be the next big name US retail brand to have suffered a major data breach this year, after reports emerged that several banks have identified fraud patterns to that effect.
Seven Staples stores in Pennsylvania, three in New York City and one in New Jersey are thought to have been affected, sources at “half a dozen banks operating on the East Coast” told Brian Krebs.
The office supplies chain has over 1,800 stores nationwide but the card fraud appears to have been carried out at just a handful in the north-east of the country, he added.
The card fraud also occurred at other stores in the region such as various supermarkets, so it could be that malware installed at Staples lifted card data, allowing attackers to create counterfeit plastic to use elsewhere, Krebs argued.
Staples senior PR manager, Mark Cautela, said that the firm had contacted law enforcement and was investigating a “potential issue.”
“We take the protection of customer information very seriously, and are working to resolve the situation,” he told the former Washington Post man.
“If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”
If the firm does turn out to have been breached, it will be the latest in a long line of big name brands to have been found wanting this year alone.
Home Depot, Goodwill Industries, PF Chang’s, eBay, JPMorgan and many others have been hit. In fact, even as of July this year more than 400 breach incidents had been reported.
Robert Twitchell, a subject matter cyber security expert for the Department of Defense and CEO of Dispersive Networks, argued that the increasing number of incidents may have an unlikely source.
“A lot of people don’t realize that state-sponsored hacking programs are either directly or indirectly behind many of the current data breaches going on in the US,” he said. “These foreign nations have made their hacking tools available to criminals who can use them for financial gain.”
Traditional virus detection tools are simply not up to the job of spotting and blocking such threats, he added.