PX Eliezer Premium Member join:2013-03-10 Wakanda kudos:10 |
Staples: Breach may have affected 1.16 million customers' cards
The office-supply retailer gave new details about a breach at more than 100 of its stores.
Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October.
The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers' credit card data. Staples said in October that it had learned of a potential data theft at several of its U.S. stores after multiple banks noticed a pattern of payment card fraud suggesting the company's computer systems had been breached.
Now, Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers' names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between August 10 and September 16 of this year. At the remaining two stores, the malware was active from July 20 through September 16, the company said.
» fortune.com/2014/12/19/s ··· -breach/
List of the affected stores (pdf): » staples.newshq.businessw ··· ores.pdf |
|
Blackbird Built for Speed Premium Member join:2005-01-14 Fort Wayne, IN kudos:4 |
Hmm. According to their pdf list of affected stores, the infection 'start' dates for 4 sites in NYC were 1 April, 1 May, 2 July, and 1 August; the start date for a store in NJ and a store in PA were 20 July; and the date for the rest of the affected stores was 10 August. From the listed dates, it has the appearance that the infections were first placed at the four NYC stores over a 4-month period, during the latter part of which it was also deployed to single stores in NJ and in PA, then went nationwide in August. If so, it's an interesting product roll-out pattern. What is also interesting is the many Staples stores not infected... adding up to a curious geographical pattern. |
|
therube join:2004-11-11 Randallstown, MD |
> an interesting product roll-out pattern
Heh, a funny way to put it.
> interesting is the many Staples stores not infected
Perhaps for the very same reason? Staples was rolling-out hardware/software updates. Exploitable versions were hit. Those not, were unaffected.
Was in the hospital recently & "HP" was there updating firmware in (ALL of) their in room (patient) diagnostic monitoring systems (heart rate, oxygen, pulse...). |
|
doppler join:2003-03-31 Blue Point, NY |
to PX Eliezer
I find it more interesting it took over 2 months to say: "Oh BTW, we have been hacked. You should monitor your bank accounts."
CYA, Full on |
|
PX Eliezer Premium Member join:2013-03-10 Wakanda kudos:10 |
At this point I am just glad that my local store was not on the list.
I am SO tired of this fucking shit....! |
|
|
dave MVM join:2000-05-04 not in ohio kudos:10 |
2014-Dec-20 2:59 pm
said by PX Eliezer:
> I am SO tired of this fucking shit....!
Until there's legal culpability, it will continue. Maybe a few CIOs going to jail would encourage the others.
First question: why does a store need to retain any credit card information beyond the time it takes them to get paid? |
|
PX Eliezer Premium Member join:2013-03-10 Wakanda kudos:10 |
My impression is that the Staples hack was real-time at the time of purchase....? |
|
therube join:2004-11-11 Randallstown, MD |
to dave
> Maybe a few CIOs going to jail would encourage the others.
The banks did what to us?
And you're expecting a Staples CIO to end up in jail for dishing out a few credit card numbers & some personal information? |
|
Blackbird Built for Speed Premium Member join:2005-01-14 Fort Wayne, IN kudos:4 |
said by therube:
> ...The banks did what to us? And you're expecting a Staples CIO to end up in jail for dishing out a few credit card numbers & some personal information?
By that line of reasoning, no culpability remedy for handling fiduciary trust will ever be forthcoming, because someone will always be able to point back to situations where it didn't exist. This sort of thing will only continue and worsen as long as there's no ultimate accountability. That accountability needs to start sometime. Now would be a fine time... |
|
dave MVM join:2000-05-04 not in ohio kudos:10 |
to therube
Expecting? No. Hoping? Maybe.
As to your other point: smaller crimes are often easier to prosecute. There's a direct link between Staples corporate security practices and my credit card info being in the hands of some crook. There's less of a link between Goldman-Sachs selling crap securities and what happened to my 401k, even though we all know they're related. |
|