Newsroom

Staples confirmed that its point-of-sale systems were breached by malware earlier this year, according to BankInfoSecurity.com, but the office supply retailer has not announced how many of its more than 2,000 stores worldwide were affected.

Staples announced it was investigating a possible breach in October in store locations in the Northeast. KrebsOnSecurity reported at the time that banks on the East Coast were seeing fraud "from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York, and another in New Jersey."

Krebs also recently reported on a link between the Staples breach, which it says affects about 100 stores, and the breach earlier this year at Michaels craft stores. "A source close to the investigation said the malware found in Staples stores was communicating with some of the same control networks that attackers used in the intrusion at Michaels," Brian Krebs, author of KrebsOnSecurity, reported.

NAFCU President and CEO Dan Berger said the continued news of retailer data breaches again shows the need for Congress to pass legislation setting a national data security standard for retailers.

NAFCU was the first national financial trade association to call for a national data security standard for retailers in the aftermath of the Target breach almost one year ago. It also advocates timely disclosure of data security breaches to consumers. The association is pushing Congress to establish a bipartisan working group to develop legislative recommendations to address ongoing retailer breaches.