It's been a busy year for hackers, who collectively have been infiltrating various retail chains at a fierce pace. That includes office supply chain Staples, which on Friday revealed that around 1.6 million payment cards may have been affected by a recent "security incident" in which hackers deployed malware to a "small percentage" of point-of-sale systems. How small? Staples said the malware affected 115 of its more than 1,400 U.S. retail stores.
The revelation into the number of potentially affected customers is an update to an incident that occurred back in September. Staples said it took immediate action to rid its systems of the malware and beef up its security, though the full extent the damage apparently wasn't known until now.
"Staples also retained outside data security experts to investigate the incident and has worked closely with payment card companies and law enforcement on this matter. Based on its investigation, Staples believes that malware may have allowed access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes," the office supply chain said.
The malware did most of its damage from August 10, 2014, through September 16, 2014, though it may have also allowed access to customer data from purchases made as early as July 20, 2014 in at least two Staples locations.
As other chains have done following a data breach and theft of customer information, Staples is offering free identity protection services, including credit monitoring, identity theft insurance, and a free credit report to customers who used a payment card at any of the affected stores during the relevant time periods.