Office supply chain Staples announced earlier this week that it was looking into the possibility of a data breach that, if true, could potentially affect an unknown number of customers' credit cards.
News of a potential hack was broken by cyber security blogger Brian Krebs, who noted that credit and debit card numbers recently swiped at Staples locations were now being used to make fraudulent purchases in other stores or supermarkets, indicating that the source of the identity theft could very well be Staples. According to USA Today, initial reports peg the source of the fraud at Staples stores in the Northeast — specifically New York City, New Jersey and Pennsylvania — but could have potentially affected many more.
"Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement," Mark Cautela, senior public relations manager for Staples, said in an official statement, adding that "customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis."
There's no doubt that 2014 has, unfortunately, been a banner year for data breaches. From retailers like Target and Neiman Marcus to restaurants like P.F. Chang's, businesses both large and small are falling victim to hackers and identity thieves seemingly one after the other. The main culprit in many of these incidents appears to be a malware software called "Backoff," which is installed into Point of Sale machines in brick-and-mortar stores and can effectively copy the data of a swiped debit or credit card, then transmit those numbers back to the cyber thieves.
A report released by the United States Computer Emergency Readiness Team earlier this summer indicated that as many as 1,000 U.S. businesses may be infected with Backoff.
As we head into the holiday shopping season, it's imperative that retailers invest in only the safest point of sale credit card processing systems, ensuring peace of mind for both businesses and customers alike.