Staples Inc., the famous stationery chain stores, announced on Friday that more than 1.16 million customers could be affected in the massive data breach that exposed credit and debit card data of shoppers who used their cards in 115 stores around America from August 10 to September 16 2014.
Staples first announced that there had been a data breach where hackers stole customer data from point-of-sale systems in October. On Friday, it gave an update of how many stores were impacted by the hack and how.
Staples said that hackers installed malware in the point-of-sale systems, which include cash registers and terminals that handle debit and credit card transactions. The hackers may have got access to customer names, card numbers, expiry dates and most importantly verification numbers too.
The company said that while most of the data was stolen between August and September, the smuggling started since July 20 in two of its locations. Staples also released a list of stores that have been affected.
Staples warned all its customers who have shopped in their stores during the period to remain cautious and monitor their accounts closely.
"Staples customers who shopped at the affected stores during the relevant time periods should review their account statements and notify their card issuers of any suspicious activity," the company said adding that it was "committed to protecting customer data and regrets any inconvenience caused by this incident. Staples has taken steps to enhance the security of its point-of-sale systems, including the use of new encryption tools."
Staples is just one of the big retail chains that has been hit by massive security hacks. Target Corp., Home Depot and Sears Holdings Corp and Bebe Stores have also become victims of cyber crimes.
Sony Pictures, the Hollywood studio, has also been dealing with dangerous cyber threats for the past few months now. Hackers have exposed crucial confidential data which might cost the company over $200 million.
Cyberattacks are becoming a raging issue in the retail industry. Companies can go into deep debts in the aftermath of these attacks with mounting security and legal expenses. Some retailers face lawsuits from customers as well.
Experts say that banks and credit card companies need to tighten security standards. They also suggest removing the magnetic strip that helps transfer data from the cards and instead introduce a PIN number method and a computer chip to prevent such breaches.