The office supply chain Staples Inc. is reportedly looking into a payment card breach, potentially making it the latest in a long line of retail establishments to suffer a compromise over the last year.
“Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement,” Mark Cautela, a Staples company spokesman, cautioned via a statement on Monday.
The announcement follows up a report from security reporter Brian Krebs yesterday that a series of banks on the east coast have recently noticed a suspicious pattern of card fraud at the store.
The Framingham, Mass.-based Staples boasts almost 2,000 locations worldwide but for the time being, only data from a handful of Staples locations, including stores in Pennsylvania, New York City, and New Jersey, appears to have been compromised according to Krebs. This suggests the fraudulent activity may be limited to the Northeast.
“The fraudulent charges occurred at other (non-Staples) businesses, such as supermarkets and other big-box retailers,” Krebs wrote late Monday, adding that because cash registers at some of the affected Staples locations “may have fallen victim to card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals.”
“We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela said.
Staples didn’t divulge any further information regarding the potential breach but did insist that in the event that Staples finds an issue, “customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”
If a breach ultimately were discovered, Staples would join Kmart, Dairy Queen, and JPMorgan Chase on the list of companies who have confirmed a data breach this month.