Staples Investigating Possible Data Breach

Office supply giant Staples is the latest retailer to report a potential credit card breach. Late Monday, the company revealed it is investigating a possible hack and has contacted law enforcement.

Brian Krebs of Krebs on Security first reported what looked like a suspicious event. He pointed to multiple banks that identified a pattern of credit and debit card fraud that suggested several Staples stores in the Northeastern United States were hit.

EUAccording to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey,EU Krebs said in a blog post.

When, Not If

The Staples headline follows news of a massive Home Depot breach that put about 56 million customer credit and debit cards at risk. In that attack, criminals used custom-built malware to evade detection -- malware that had not previously been seen in other attacks.

Aviv Raff, CTO at advanced threat protection firm Seculert, told us this breach at Staples is another example of how persistent attackers were able to successfully plant their attack tool.

EUEnterprises are now coming to a conclusion that they are either already compromised, or will soon be,EU Raff said. EUIt's not a matter of EUif,EU it's a matter of EUwhen.' The breach shows the necessity of moving from trying to prevent an attack to try and detect and respond as quickly as possible.EU

Exploring All Angles

Tim Erlin, director of IT risk and security strategy at advanced cyberthreat detection firm Tripwire, compared finding breaches through fraudulent activity to finding out your house was burglarized by seeing your TV in the pawn shop window.

EUIf this pattern in retail breaches isnEUt familiar...

Comments are closed.