Staples (NYSE:SPLS) reported that a recent security breach on some of its point-of-sale systems affected 115 stores and 1.16 million customer credit cards.
The affected stores are only a fraction of the 1,400 Staples worldwide and the company has issued a list of which stores were breached. Upon detection, the company immediately took action to eradicate the malware and retained outside data security experts to investigate the incident.
The leak of a possible attack was first reported back in October by security reporter Brian Krebs on his blog, Krebsonsecurity.com, citing that several Staples stores in the northeast part of the country had been hit by a breach.
Based on the investigation, Staples believes malware may have had access to cardholder names, payment card numbers, expiration dates and card verification codes at 113 stores from Aug. 10 through Sept. 16 and at two stores, from July 20 through Sept. 16.
The retailer is offering customers free identity protection services to those affected by the breach, which includes free credit card monitoring.
Staples joins the rapidly growing list of retailers hacked by cyber criminals this year including Kmart (NYSE:SHLD), Supervalu (NYSE:SVU) and Home Depot (NYSE:HD), to name a few.
The announcement comes less than a week after Activist investor Starboard Value released its intentions to push a Staples and Office Depot merger. According to people familiar with the matter, Starboard has recently taken a 5.1 percent stake in Staples and has increased its existing holdings in Office Depot to about 10 percent.
-See this Staples press release
Staples redesigns healthier headquarters
Buy online, pickup in-store increasing in popularity
Staples, Office Depot, one investor away from a merger?
Staples expands omnichannel capabilities
Synergy savings boosts Office Depot's Q2