Office-supply retailer Staples said about 1.16 million payment cards might have been affected by the data breach announced in October.
An investigation by external data security experts showed that criminals deployed malware to some point-of-sales systems at 115 U.S. stores, Staples said.
The company said it has since eradicated the malware.
Staples, which has more than 1,400 stores in the country, said the malware might have allowed access to some transaction data, including cardholder names, payment card numbers, expiration dates, and card verification codes.
At 113 stores, the malware may have allowed access to data for purchases from Aug. 10 through Sept. 16. At two stores, the access may have been for purchases from July 20 through Sept. 16.
The investigation also reported some fraudulent payment card usage related to four Manhattan stores, but those did not have malware.
Staples became the latest U.S. retailer to combat security data breaches after Sears said in October it was the victim of a cyberattack that likely resulted in the theft of some customer payment cards at its Kmart stores.
Shares of Staples have jumped 40.85 per cent since Oct. 21, when the company announced the investigation.
(Reporting By Yashaswini Swamynathan in Bengaluru; Editing by Joyjeet Das)
More from Reuters:
- UN’s Ban Urges End To Discrimination Against Ebola Workers
- Ebola Death Toll In Three African Countries Hits 7,373: WHO
- Saudi Forces Kill Four Militants In Awamiya: Interior Ministry
- India PM Modi’s Party Distances Itself From Religious Conversions
- Russia Calls New Sanctions On Crimea ‘collective Punishment’
Business Insider Emails & Alerts
Site highlights each day to your inbox.