Staples confirmed on Friday that suspicious cyber activity, first spotted in September, was most likely a malware attack that may have breached 1.16 million credit cards.
A preliminary investigation found evidence of malware installed in the point-of-sales systems at 115 locations. The malware may have given hackers access to cardholder names, credit card numbers and verification codes. The breaches began in late summer and continued until the retailer detected and removed the malware in mid-September.
The company said that affected customers could request free identity protection services and would not be held liable for fraudulent charges.