FRAMINGHAM, Mass.--(BUSINESS WIRE)--Dec. 19, 2014--
Staples, Inc. (Nasdaq: SPLS) today gave an update on the investigation
into its previously announced data security incident involving a small
percentage of its retail point-of-sale systems.
Staples’ data security experts detected that criminals deployed malware
to some point-of-sale systems at 115 of its more than 1,400 U.S. retail
stores. Upon detection, Staples immediately took action to eradicate the
malware in mid-September and to further enhance its security. Staples
also retained outside data security experts to investigate the incident
and has worked closely with payment card companies and law enforcement
on this matter.
Based on its investigation, Staples believes that malware may have
allowed access to some transaction data at affected stores, including
cardholder names, payment card numbers, expiration dates, and card
verification codes. At 113 stores, the malware may have allowed access
to this data for purchases made from August 10, 2014 through September
16, 2014. At two stores, the malware may have allowed access to data
from purchases made from July 20, 2014 through September 16, 2014.
As a result, and in light of Staples’ commitment to protecting its
customers, Staples is offering free identity protection services,
including credit monitoring, identity theft insurance, and a free credit
report, to customers who used a payment card at any of the affected
stores during the relevant time periods. Additional information about
the incident, including dates of potential access and how to sign up for
free credit monitoring, can be found at http://staples.newshq.businesswire.com/statement.
During the investigation Staples also received reports of fraudulent
payment card use related to four stores in Manhattan, New York at
various times from April through September 2014. The investigation found
no malware or suspicious activity related to the payment systems at
those stores. However, out of an abundance of caution, Staples is
offering free identity protection services, including credit monitoring,
identity theft insurance, and a free credit report, to customers who
used their payment cards at those stores during specific time periods.
Overall, the company believes that approximately 1.16 million payment
cards may have been affected. Specific stores and dates can be found here.
Typically, customers are not responsible for any fraudulent charges on
their credit cards that are reported in a timely fashion. Staples
customers who shopped at the affected stores during the relevant time
periods should review their account statements and notify their card
issuers of any suspicious activity.
Staples is committed to protecting customer data and regrets any
inconvenience caused by this incident. Staples has taken steps to
enhance the security of its point-of-sale systems, including the use of
new encryption tools.
Staples makes it easy to make more happen with more products and more
ways to shop. Through its world-class retail, online and delivery
capabilities, Staples lets customers shop however and whenever they
want, whether it’s in-store, online, on mobile devices, or through the
company’s innovative buy online, pick-up in store option. Staples offers
more products than ever, such as technology, facilities and breakroom
supplies, furniture, safety supplies, medical supplies, and Copy and
Print services. Headquartered outside of Boston, Staples operates
throughout North and South America, Europe, Asia, Australia and New
Zealand. More information about Staples (SPLS) is available at www.staples.com.
Source: Staples, Inc.
Mark Cautela, 508-253-3832