Staples says 1.16 million credit card numbers stolen in breach

Staples came out with a list Friday of all the stores where customer credit cards may have been compromised during the security breach revealed in October.

The Framingham, Mass., company said that malware infected the checkout stations at 115 of its 1,400 U.S. stores. It began removing the software in mid-September. Investigations in the meantime revealed that shoppers who made purchases at these stores across the country going back as far as July may have had their credit card numbers, expiration dates, verification codes and their names stolen in the hack.

In a statement, Staples said that 1.16 million credit and debit cards may have been affected.

Michael Regal, editor at large for Bloomberg News said on "CBS This Morning: Saturday" that consumers should not be held responsible for any fraudulent charges following the breach, but urged anyone who's shopped at the store in recent months to check their credit card statements carefully for any unusual activity.

Staples is offering free credit monitoring, identity theft insurance and a free credit report to any customers who used a credit or debit card at the affected stores during the breach. It posted the specific locations and dates online.

The company is also extending these free services to shoppers who visited four Manhattan, N.Y., locations between April and September. The company said that no malware was detected at these stores, but there were reports of fraudulent card use. "Out of an abundance of caution, Staples is offering free identity protection services...to customers who used their payment cards at those stores during specific time periods," the company said in the statement.