In a press release posted online, Staples confirmed a massive data breach earlier this fall, with 1.16 million credit cards affected.
The release gave an update on the ongoing investigation, saying that they found that the attack affected point-of-sale terminals in 115 stores, out of 1,400 locations in the US.
At most stores, the breach lasted between August 10, 2014 and September 16, 2014, but Staples acknowledges that two stores were breached since July 20, 2014. According to the post released by Staples, the stores were located in Jersey City, New Jersey and Pennslyvania. A more thorough review noted that some breaches were dated as far back as April 2014, which Staples didn't mention in the press release. It looksl ike 3 NYC based stores were hacked on April 1, May 1, and July 2.
The malware helped the hackers gain access to “some transaction data at affected stores including cardholder names, payment card numbers, expiration dates, and card verification codes.”
Discreetly added at the bottom of the press release, Staples says that breach affected 1.16 million payment cards, approximately. It’s no Target breach, to be sure, which attacked 40 million cards, but its certainly a sizable amount.