JACKSONVILLE, Fla – Staples released a statement Friday saying cyber criminals may have compromised 1.2 million customer cards.
Staples' data security experts gave an update to the data breach first reported in October, saying criminals deployed malware to some point-of-sale systems at 115 of its more than 1,400 U.S. retail stores.
Based on its investigation, Staples believes that malware may have allowed access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes
At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014. At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014.
As a result, and in light of Staples' commitment to protecting its customers, Staples is offering free identity protection services, including credit monitoring, identity theft insurance, and a free credit report, to customers who used a payment card at any of the affected stores during the relevant time periods. Additional information about the incident, including dates of potential access and how to sign up for free credit monitoring, can be found here.
16 stores who were part of the security breach are located in Florida, with one of those stores in Jacksonville. That Staples is located at 5800 Beach Blvd. There are also six stores located in Georgia who are affected by the breach.
For a full list of stores affected, and what dates they were affected, click here.