Staples Inc., the largest U.S. office-supply retailer, said 1.16 million payment cards may have been affected in a series of data breaches that occurred from July into September.
The theft occurred after criminals deployed malware on point-of-sale systems at 115 of Staples' 1,400 U.S. stores, the Framingham, Massachusetts-based company said today in a statement. The company disclosed in October that it was investigating a potential breach.
Staples is among a growing number of retailers that have had card systems compromised by hackers. Target Corp. was among the first to disclose such an attack, about a year ago, and since then Home Depot Inc., Sears Holdings Corp.'s Kmart chain and Neiman Marcus Group Ltd. have said they've been struck.
Staples shares were little changed at $17.48 at 5:06 p.m. in late trading in New York. The stock had gained 10 percent this year through the close of regular trading today.
The Staples breach is smaller than the previous incidents at Home Depot and Target. At Home Depot, the world's largest home-improvement chain, data for 56 million cards and 53 million e-mail addresses were compromised. Target's breach included details for 40 million cards and 70 million addresses, phone numbers and other information.
Staples is offering free identity protection services and a free credit report to customers who used a payment card at any of the affected stores during the relevant time periods.