The U.S. Secret Service is reportedly investigating a potential breach of credit and debit card data at several Staples office supply locations in the Northeast. The potential major breach comes on the heels of the The Home Depot, Target, Neiman Marcus, and Chase hackings.
Staples has not issued a formal statement as of today, but confirms an investigation is underway.
The Washington Post says according to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.
The Washington Post says the fraudulent charges occurred at other (non-Staples) businesses, such as supermarkets and other big-box retailers. This suggests that the cash registers in at least some Staples locations may have fallen victim to card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals.
A recent study from Discover’s PULSE found that 84% of financial institutions reissued all exposed cards in response to the Target breach, compared to only 29% that typically reissue all exposed cards as a standard response to breaches. Overall, 14% of all debit cards were exposed in data breaches in 2013, compared to 5% in 2012. PULSE says 86% of financial institutions stated that they plan to begin issuing EMV debit cards in early 2015.
For more data on Payment Card Data Breaches access CardData®. For information and commentary on Payment Card Data Breaches visit the searchable CardFlash® Library of more than 58,000 articles published since 1995. RAM Research® forecasts on Payment Card Data Breaches are available exclusively through CardWeb.com.®