Staples says it's investigating a "potential issue" involving its customers' credit card data in what could be the latest instance of a U.S. retailer falling victim to a payment card system security breach, CNET reports.
The office supply chain announced late Monday it was working with law enforcement officials after security expert Brian Krebs reported that "multiple banks" had identified patterns of payment card fraud that suggested data had been stolen from several locations in the northeastern U.S. The pattern indicates that Staples cash registers in a handful of locations were infected with data-stealing malware similar to what was used in other security breaches, enabling thieves to create counterfeit cards, Krebs wrote.
"We take the protection of customer information very seriously, and are working to resolve the situation," Mark Cautela told Krebs. "If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis."
Staples did not immediately respond to a request from CNET for additional comment.
It wasn't immediately clear how many customers may be affected. The Framingham, Massachusetts-based chain has more than 1,800 stores nationwide, but Krebs said it appears the theft is limited to a small number.
Data-stealing malware has become a popular tool of fraudsters in recent months. Home Depot revealed last month that 56 million customer credit cards were put at risk of theft as a result of a security breach that used custom-built malware to evade detection. A similar method was used late last year to expose the credit card data of 40 million Target customers and the personal information of an additional 70 million customers.
Since the Target hack, there has been an apparent uptick in security breaches at retail locations. Over the past few months, arts and crafts retail chain Michaels Stores, department store Neiman Marcus, and restaurant chain P.F. Chang's all revealed they were victims of security breaches aimed at stealing customers' credit card information.