RiskFinancial CrimeStaples Breach Compromises Nearly 1.2m Cards

Staples Breach Compromises Nearly 1.2m Cards

Staples said last week that nearly 1.2 million of its customers’ credit and debit cards may have been compromised, thanks to a security breach that impacted 119 stores between April and September 2014.

Security blogger Brian Krebs first reported on the breach at the end of October after multiple banks connected a number of fraudulent transactions to cards that had been used at Staples locations in the Northeastern United States. At the time, Staples would only confirm that it was looking into a potential incident.

Now the retailer has admitted that point-of-sale systems at 115 of its stores were infected with malware that may have compromised cardholder names, payment card numbers, expiration dates and card verification codes. Staples also received reports of fraudulent payment card use at four other stores in New York between April and September, though an investigation found no malware or suspicious activity on its point-of-sale systems at these locations.

Staples claims to have eradicated the malware and enhanced its security. It also said it worked with outside security experts, as well as law enforcement and payment card companies to resolve the matter.

According to a report by Russian and Dutch security researchers, the criminals who breached Staples
also hit 15 other retailers and have stolen approximately $25 million from banks
. The group, which is believed to be Russian and Ukrainian, has hacked more than 50 Russian banks since early 2013, stealing more than 1bn roubles. Most of the attacks occurred in the last six months.

Related Articles

Why working in silos is a killer when battling financial crimes

Cyber Security & Fraud Why working in silos is a killer when battling financial crimes

5m Andrew Simpson
PSD2: dull name, but seismic effect

Clearing & Settlement PSD2: dull name, but seismic effect

7m Alex Kwiatkowski
Staying one step ahead: PSD2 and the future of fraud

Financial Crime Staying one step ahead: PSD2 and the future of fraud

8m Seth Ruden
8 predictions for treasury in 2018

Financial Crime 8 predictions for treasury in 2018

8m Bob Stark
FDIC sues 9 European banks over Libor

Banking FDIC sues 9 European banks over Libor

1y Victoria Beckett
Appreciating supply chain cyber risk

Cyber Security & Fraud Appreciating supply chain cyber risk

1y Peregrine Storrs-Fox
The death of the password: biometric banking

Automation The death of the password: biometric banking

1y Paul Sheldon Foote
The insecurity of fraud victims in the fight against cyber-assailants

Bank Relationships The insecurity of fraud victims in the fight against cyber-assailants

1y Keiron Dalton