Office supply chain Staples Inc. today finally acknowledged that a malware intrusion by hackers this year at some of its stores resulted in a credit card breach. The company now says some 119 stores were impacted between April and September 2014, and that as many as 1.16 million customer credit and debit cards may have been stolen as a result.
KrebsOnSecurity first reported the suspected breach on Oct. 20, 2014, after hearing from multiple banks that had identified a pattern of credit and debit card fraud suggesting that several Staples office supply locations in the Northeastern United States were dealing with a data breach. At the time, Staples would say only that it was investigating “a potential issue” and had contacted law enforcement.
In a statement issued today, Staples released a list of stores hit with the card-stealing malware, and the stores are not limited to the Northeastern United States. Russian Cybercrime at its best, after Target, Home Depot and JP Margan Chase. That Was Easy! (could not help myself)
Link with PDF of all the affected stores at Brian's site: