About 1.2 million customers of Staples may have had their payment cards exposed to a data security breach earlier this year, the company said.
In October, the retailer announced it was looking into a potential breach of credit card data, the latest incident of cyberattackers accessing customer information, according to an Associated Press report.
Staples said its investigation revealed that criminals used malware to access transactions at 115 of its 1,400 U.S. stores, getting details such as names, card numbers, expiration dates, and verification codes that could be used to make fraudulent purchases.
Customers who at risk will receive free identity protection services from the company, including credit monitoring and identity theft insurance.
Staples said it was “committed” to protecting customer data and that it was sorry for any inconvenience caused, and it would take steps to improve security at its point-of-sale systems, including new methods of encryption.
Staples said that affected customers won’t be held responsible for any fraudulent charges.
Shares of Staples have been up more than 40 percent since news of the breach in October surfaced, according to Fortune.com.
Cyber security has been a volatile issue in recent months, especially with the hack of Sony Pictures Entertainment, which led to the release of many embarrassing emails and ultimately the cancellation of the film “The Interview” over threats of violence against theaters that would show it due to its depiction of North Korea’s leader, Kim Jong-Un, getting assassinated.
Target, Home Depot, and Kmart have also been the victim of hack attacks affecting millions of customers. JPMorgan Chase revealed in October that hackers had accessed the contact information of 76 million households and 7 million small businesses.
