Newsroom

October 21, 2014

Krebs: Credit card breach at Staples

KrebsOnSecurity has identified a potential credit card breach affecting Staples Inc. locations in the Northeast, which Staples says it is investigating.

Krebs cited banks on the East Coast, reporting that "it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York, and another in New Jersey. Staples told Krebs that it has contacted law enforcement.

NAFCU President and CEO Dan Berger said the incident shows again the need for Congress to pass legislation setting a national data security standard for retailers. "Data breaches have reached epic levels, and the continued absence of national data security standards for retailers has given cybercriminals free rein to access consumer data. National data security and breach notification standards, for all segments of the payments system, are critical to keep consumers' personal and financial data as safe as possible."

President Obama on Friday called for the deployment of chip-and-PIN security for credit and other payment cards and urged Congress to "act with urgency" on data breach legislation. He made the announcement during an event held at CFPB and attended by Berger.

Also last week, the Payments Security Task Force, of which NAFCU is a member, projected at least 47 percent of U.S. merchant terminals will have EMV chip-and-PIN technology by the end of 2015. Many data breaches are the result of network intrusions occurring at the retailers' end – which EMV technology alone will not fix.

NAFCU was the first financial trade association to call for a national data security standard for retailers in the aftermath of the Target breach last year. NAFCU also advocates timely disclosure of data security breaches to consumers. The association is pushing Congress to establish a bipartisan working group to develop legislative recommendations to address ongoing retailer breaches.