Newsroom

On Friday, Staples confirmed more details of a data breach on its point-of-sale systems earlier this year saying that the breach affected about 1.16 million cards at 115 U.S. store locations between July and September.

Based on its investigation, Staples noted in a statement Friday that data accessed by the cybercriminals through the malware on the POS systems included cardholder names, payment card numbers, expiration dates and card verification codes. At 113 of its stores, the company believes the malware possibly affected card users that made purchases from Aug. 10 through Sept. 16. At two of its stores, the malware may have allowed the criminals to access card data from July 20 through Sept. 16.

The company also stated that during its investigation it received reports of fraudulent payment card use related to four stores in Manhattan, N.Y., from April through September.

NAFCU President and CEO Dan Berger said the continued news of retailer data breaches again shows the need for Congress to pass legislation setting a national data security standard for retailers. In an American Banker editorial Friday marking the one-year announcement of the Target data breach, Berger wrote, "No amount of diligence on the part of financial institutions will help prevent future data breaches if retailers are not held responsible by national data security standards like the ones applied to financial institutions under Gramm-Leach-Bliley [Act]."

NAFCU was the first financial industry trade to call on Congress to pass national data security standards for retailers in the wake of the Target breach. NAFCU is preparing to continue to press for action when the 114th Congress begins in January.