Staples confirmed on Tuesday it has initiated an investigation regarding a possible credit card data breach at some of its locations.
The office supplies retailer reported it has contacted law enforcement but has yet to release additional details.
Mark Cautela, Staples spokesman, said in a statement, “We take the protection of customer information very seriously, and are working to resolve the situation.”
The issue came to light after independent security journalist Brian Krebs reported multiple banks identified a suspicious pattern of several fraudulent transactions using credit or debit cards previously used at a number of Northeast Staples store locations:
“According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.”
“When bank fraud analysts detect a potential breach, it usually means the criminal group behind the breach has been able to compromise the network, installed malware and successfully exfiltrated the card data out of the network without being detected,” explains Ken Westin, Tripwire security researcher.
Cautela added that if Staples discovers an issue, customers would not be held liable for any fraudulent activity if reported on a timely basis.
The Massachusetts-based retailer, which operates more than 1,800 stores nationwide, may be the latest malware victim behind several other major retailers breached recently, including Kmart and Home Depot.
Watch the video below to see how criminal syndicates cash out on stolen cards sold on the underground credit card market: