Office supply retailer Staples announced that it is “investigating possible payment card data thefts,” according to BBC News.
Originally reported by Krebs on Security, half a dozen banks along the East coast have “identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.”
Krebs on Security goes on to say that “it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.” According to CNET, this “pattern suggests that Staples cash registers in a handful of locations were infected with data-stealing malware similar to that used in other security breaches that allows thieves to create counterfeit cards.”
It is not clear how many customers have been affected by this data breach. CNET reports that “the Framingham, Mass.-based chain has more than 1,800 stores nationwide, but Krebs said that it appears the theft is limited to a small subset of stores.”Staples confirmed that it is investigating potential breach.
In the US, we continue to use old credit card technology, and yet the industry is moving towards a mandate where they will use a chip-and-pin for credit cards. But we are a ways from that point and in the meantime we will continue to see these breaches occurring on a regular basis.
Staples said they would support Apple Pay and Google Wallet, which is a good direction to take as well. Unfortunately Staples customers will continue to use old technology, and it will be a while before electronic pay systems or Google wallet become standard.
If there is a security breach, the already-struggling retailer’s finances will be affected even more. Bloomberg reports that when the data breach was announced, Staples declined 1.1 percent to $12.17, and shares had already dropped by 23 percent before possibility of a data breach was announced. Bloomberg also mentioned that “Staples shut 80 outlets in North America in the fiscal second quarter. Net income last quarter dropped 20 percent to $82 million, or 13 cents a share, as $101 million was spent on closing locations, the company reported in August.”
The FBI reports that “Nearly 439 million records were stolen in the past six months,” according to CNBC. The FBI also says that “About 35% of the thefts were from website breaches, 22% were from cyberespionage, 14% occurred at the point of sale when someone bought something at a retail store, and 9% came when someone swiped a credit or debit card.”
As cybercriminals become more sophisticated and target retailers, stores have to increase their security and monitoring. EiQ’s SecureVue Advanced Security Intelligence Platform. SecureVue allows large organizations to save thousands of hours each year with automated security checks. SecureVue also offers a continuous view of compliance without doing a manual inspect of the system. Dashboards on SecureVue display compliance data across the entire enterprise, and new dashboards can be created through the simple point-and-click dashboard editor. With SecureVue, retailers can take steps to protect their customers’ data.
The fact is that there are newer types of technology for the retail industry to use. However, it will be a while before the older technologies go away. Even after the October mandate for chip-and-pin government issued credit cards kicks in, we will continue to see a combination of a mix of old and new technologies and as a result, we will continue to see breaches. The new technology doesn’t solve the problem completely, but the bad guys will find it harder to compromise. That is why it is vital for companies to execute and implement comprehensive security monitoring and system auditing programs.