Staples, the world's largest office supply chain, has admitted it is investigating a potential cyber security breach that could have put customer credit card data in danger.
Mark Cautela, a spokesman for the Massachusetts-based company, told Bloomberg in an emailed statement that the company had contacted law enforcement officials and was working on resolving the matter:
"If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis."
The revelation that customers of Staples may have had their personal financial data compromised is just the latest in a long string of similar incidents reported by major retailers, starting with US retailer Target at the beginning of 2014.
Counterfeit copies of credit cards
As first reported by independent security researcher Brian Krebs, multiple US banks have identified "a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach."
Krebs' sources told him that the banks had "traced a pattern of fraudulent transactions on a group of cards that had all previously been used at a small number of Staples locations in the Northeast."
The breach appears to be limited to stores in New York, Pennsylvania, and New Jersey for the moment, though with 1,800 stores across the US, the breach could potentially be much larger.
Krebs reported that the fraudulent charges were made at other retailers, which suggests that the "cash registers in at least some Staples locations may have fallen victim to card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals."
Mark Bower from Voltage Security believes that the attack, and ones like it, are avoidable:
"It will be interesting to see how this breach unfolds. In all probability, I would hazard a guess it was quite avoidable through contemporary encryption measures. Other large retailers who have suffered major breaches have already shifted gears to adopt such methods, based on years of success with their early-adopter peers who've not had a single incident since deployment."