Staples latest to confirm data breach

Time and again in 2014 the vulnerability of retailers’ information systems became apparent with Staples the latest major chain forced to admit an inability to protect customers’ personal information.

Now Staples has released more information about its data breach in September.

The retailer says data security experts detected that criminals deployed malware to some point-of-sale systems at 115 of its more than 1,400 U.S. retail stores in September. Upon detection, Staples says, it immediately took action to eradicate the malware and to further enhance its security.

Staples said its investigation revealed the malware may have given criminals access to data "including cardholder names, payment card numbers, expiration dates and card verification codes." At 113 stores, the malware may have allowed access to data from purchases made between Aug. 10 and Sept. 16, Staples said. At two other stores, the malware may have allowed access to data from purchases made between July 20 and Sept.16.

The company said it also retained outside data security experts to investigate the incident and has worked closely with payment card companies and law enforcement on this matter.

Overall, the company believes that approximately 1.16 million payment cards may have been affected.

Target is marking the one-year anniversary of its holiday shopping data breach, which affected 40 million customer credit and debit cards. At the time, it was viewed as the largest retail hack ever. The Home Depot, meanwhile, is also recovering from its data breach in September.