Black Friday Sale! 50% Off All Access

Staples Data Breach May Have Hit More Than 1 Million Customers New details have been released about the retailer's October breach.

By Tom Huddleston, Jr.

Entrepreneur+ Black Friday Sale

Our biggest sale — Get unlimited access to Entrepreneur.com at an unbeatable price. Use code SAVE50 at checkout.*

Claim Offer

*Offer only available to new subscribers

This story originally appeared on Fortune Magazine

Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October.

The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers' credit card data. Staples said in October that it had learned of a potential data theft at several of its U.S. stores after multiple banks noticed a pattern of payment card fraud suggesting the company computer systems had been breached.

The office-supply retailer gave new details about a breach at more than 100 of its stores.

Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October.

The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers' credit card data. Staples said in October that it had learned of a potential data theft at several of its U.S. stores after multiple banks noticed a pattern of payment card fraud suggesting the company computer systems had been breached.

Now, Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers' names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between August 10 and September 16 of this year. At the remaining two stores, the malware was active from July 20 through September 16, the company said.

Staples, which has more than 1,400 retail locations, said the data breach impacted stores in 35 states. The company said its investigation found reports of fraudulent card use at four of its Manhattan locations between April and September 2014, although Staples found no evidence of malware at those locations.

"Staples is committed to protecting customer data and regrets any inconvenience caused by this incident," the company said in its announcement. "Staples has taken steps to enhance the security of its point-of-sale systems, including the use of new encryption tools,"

The company is offering free identity protection services such as credit monitoring, identity theft insurance and a free credit report to any customers who shopped at the affected stores during the time periods when the malware was active. Staples also reiterated that customers are generally not responsible for any fraudulent charges and reminded its customers to monitor their financial accounts for any suspicious activity.

Staples' stock SPLS 0.97% dipped about 0.5% on Friday, but the company's shares are actually up more than 40% since news of the possible breach in October.

Cyber security is a hot button issue across corporate America at the moment, especially in light of last month's debilitating and embarrassing hack at Sony Pictures Entertainment. (Earlier this week, Fortune"s Dan Primack pondered whether or not the hacks at Sony and elsewhere might actually be a boon to Staples' business by spurring a renaissance of sorts for paper-based communication as a way of avoiding digital predators.)

For the most part, though, U.S. retailers have been targeted in most of the recent high-profile data breaches, with companies such as Target, Home Depot and Kmart falling victim along with tens of millions of their customers. Meanwhile, in October, JPMorgan Chase revealed that hackers gained access to the contact information of roughly 76 million households and another 7 million small businesses through a data breach at the massive bank.

Tom Huddleston, Jr. is a contributor for Fortune Magazine.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

DOGE Leaders Elon Musk and Vivek Ramaswamy Say Mandating In-Person Work Would Make 'a Wave' of Federal Employees Quit

The two published an op-ed outlining their goals for their new department, including workforce reductions.

Living

Gift Yourself a Sam's Club Membership for $20

You'll get bulk savings, festive décor, and exclusive perks.

Business News

Apple Is Reportedly Updating Siri With AI So You Can Have Real Conversations

The new Siri is reportedly capable of back-and-forth discussions.

Growing a Business

He's Hosted 'This Old House' for 20 Years — These Are His Best Tips for Growing a Home Services Business

"This Old House" host Kevin O'Connor reflects on 20-plus years working with tradespeople and what it takes to scale a business in the home service industry.

Growing a Business

Customers Want More Than Just a Product — Here's How to Meet Their Expectations

Creating a seamless, personalized experience is just as critical as having a great product or service, if not more so — it's the key to winning customers and keeping them loyal.