Staples has revealed that a cyberattack that hacked into two of its stores in July and continued at 111 or more stores through September stole personal information from an estimated 1.16 million payment cards, according to the Wall Street Journal.
The malware responsible for the attack penetrated the cash registers and terminals that dealt with credit and debit cards. The malware seized information that was on the cards, including the name on the card and the card number, as well as the expiration date and the card verification code on the back of the card.
CBS Dallas Fort Worth reports that Staples has responded by offering free identity protection services to customers who were victimized.
Although the hacking started in July, the main thrust of the attack occurred during the period just before children went back to school, between August 10 and September 16. Staples discovered the attack in September and revealed it in October.
Four Manahattan Staples stores claimed they had been hit with false card charges, but investigators said no malware was involved.
Staples released a statement reading, “At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014,” Staples disclosed. “At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014.”
Since Staples revealed the hack on October 21, shares in the company have skyrocketed 40.85%. The company is not the only major retailer menaced by hackers; 56 million card accounts were hacked at Home Depot Inc. and 40 million at Target.