Wednesday, October 22, 2014

Staples becomes the latest US retailer to investigate a potential data breach by hackers

By Danny Palmer
21 Oct 2014 0 Comments
Staples, the office supplies store is, the latest major US retailer to become the suspected victim of a data breach as a result of a cyber attack by computer hackers.
A number of well-known American retail firms have been victims of data breaches in the past year, including Target, which saw details about 70 million customers stolen after an attack by cyber criminals. The results were so catastrophic that they eventually led to the resignation of Target CIO Beth Jacob.
The possible Staples breach was disclosed by cyber crime expert Brian Krebs, who revealed on his Krebs on Security blog that "multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach".
Staples has also released a statement admitting that it's investigating a possible data breach and is working with the authorities.
"Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement," said Staples spokesperson Mark Cautela.
"We take the protection of customer information very seriously, and are working to resolve the situation," he continued, before adding that if Staples has been the victim of a data breach, then its customers won't be shouldering the costs.
"If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis."
Speaking about the possibility of a data breach at Staples, Charles Sweeney, CEO of web security firm Bloxx, said that cyber criminals are increasingly attacking retailers as they're viewed as an easy target.
"Staples is possibly the next in a long list of US retailers to have fallen victim to a hack that would see its customers' card details compromised. There appears to be a definite trend emerging, with hackers clearly viewing the retail industry as easy pickings," he said.
"Cyber criminals constantly adapt their attack strategies. It is therefore very important that retailers ensure they are creating a dynamic and responsive security environment that can stand up to sustained and persistent attacks," Sweeney added.
While a breach has yet to be confirmed, Mark Bower, VP product management at Voltage Security argued that if Staples has been the victim of a cyber attack, malware that has infiltrated company networks could be to blame.
"Perhaps this is another situation where POS [point of sale] malware has been pushed down to a few stores during a POS patch to add new features, or software upgrade cycle, resulting in compromise," he said
"This seems to be a possible common thread among recent breaches, enabling attackers to propagate malware to many endpoints, though of course this is speculative based on limited data on this particular scenario," Bower continued.
He went onto add that if Staples has been the victim of a data breach, it's likely such a mishap could have easily been avoided.

"In all probability, I would hazard a guess it was quite avoidable through contemporary encryption measures," Bower concluded.

No comments:

Post a Comment