There are not a lot of details at this point, but it appears that yet another major US retailer has suffered a breach of its POS system. The online blog krebsonsecurity.com has reported that banks have tied credit and debit card fraud activity to cards used at Staples stores in the Northeast US region. This indicates that Staples is the victim of a POS data breach.
This appears to have been news to Staples, the office supply giant, which has now announced an investigation. This continues a disturbing pattern where, as in the Home Depot breach last month, a compromised retailer appears to have only learned of the threat when fraudulent activity is identified by banks and protect financial institutions.
Staples Sr. Public Relations Manager Mark Cautela has stated “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”
Blogger Brian Krebs has broken numerous breach stories over the past year, including the Target and Home Depot data breaches which have impacted over 100 million cardholders.
At this point, the Staples POS data breach may have impacted only a small number of Staples 1,800 stores nationwide. It fits the pattern of the Backoff malware involved in Home Depot and numerous breaches of point-of-sale systems over the past two months. Backoff was the subject of a Homeland Security cyber alert in July.
Earlier this week, President Obama issued an Executive Order that all cards issued for or on the behalf of the Federal Government and its agencies to used Chip and Pin technologies that protect against malware such as Backoff. This technology is used in most European countries and has been successful in stopping this type of data breach