A data security breach involving Staples Inc., initially reported in October 2014, has been confirmed by the Framingham, Mass-based retail office supply chain. The far-reaching event impacted 119 of the 1,500 Staples locations in 35 states. Malicious software discovered inside cash registers was intercepting credit card transactions and transmitting cardholder data to a criminal host network. The company believes that up to 1.16 million credit cards may have been affected by the breach.
A company press release issued on Dec. 19 stated that "malware may have allowed access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes.