New Numbers From Staples Breach: 1.16 Million Payment Cards Affected

December 29, 2014         By: Steven Anderson

1.16 million: that’s how many cards were actually affected by the data breach that Staples experienced back in September, according to a report from Staples proper. The word that’s emerged has proven to be downright disastrous, and it may well have been worse than anyone thought.

But perhaps worse, according to Staples, is just how far malware got into the overall organization.

The reports from Staples said that malware had slipped into 115 of its stores, nearly 10 percent of the total as Staples has over 1,400 stores to its credit, and that the malware in question “…may have allowed access to some transaction data at affected stores.” The “transaction data” in question included things like cardholder names, payment card numbers, and verification codes.

Either one of those points would be bad enough, but then a cryptic remark escaped Staples, as the company noted—without much in the way of explanation—that it was looking into “…fraudulent payment card use related to four stores in Manhattan, New York.” Staples did note that the incidents weren’t really related to the recent payment card breach, however, since there wasn’t any malware involved.

The good news here, however, is actually two-fold. One, Staples is taking steps to protect its users in the short term.

Staples is offering up free identity protection services, identity theft monitoring, credit monitoring, and even a free credit report to those customers who used payment cards during specific time frames—check with the company to see if you’re among those affected—as well as those stores that had confirmed malware.

Two, Staples is also augmenting its security procedures, bringing in a set of encryption tools specifically geared toward making data unreadable if stolen or otherwise accessed inappropriately.

While these data breaches have occurred too frequently in the past year, Staple’s response seems to be the standard. There’s immediate protection for those who may have come under fire as a result of this, and there’s a clear wake-up call to improve security, something that Staples is currently at work doing.

Further changes in the pipeline to help prevent these data breaches from happening—particularly the move from magnetic stripe cards to EMV, an industrywide improvement that can’t come soon enough.