A pattern is definitely starting to become apparent in recent data breaches. It starts with banks discovering fraudulent activity on their customers’ credit cards and informing security expert and investigative reporter, Brian Krebs, of KrebsonSecurity.com. He then breaks the story on his popular blog and the organization that falls victim to the breach starts scrambling. Krebs broke the stories on both of the well-known data breaches at Home Depot and Target.
On October 20, Krebs published a story on a potential breach at seven Staples stores in the Northeastern United States. The office supply retailer released a statement the next day saying that they were working with law enforcement to investigate a potential data breach of its payment card system. Like other retailers who have had similar breaches, Staples has promised that, if the breach is confirmed, its customers will not be held responsible for any fraudulent purchases made as a result.
The Framingham, Mass.-based retailer operates more than 1,800 stores and has a large online business as well. It appears that the breach has only affected seven stores located in Pennsylvania, New York City and New Jersey. No specific stores have been identified and there are no numbers yet on how many credit cards may have been exploited.
Krebs reported that the banks discovered the fraudulent activity occurring at non-Staples stores and traced it back to customers of Staples. With this finding, it appears that the hackers stole the information and created fake credit cards to make purchases at other retailers.
“The Staples breach doesn’t seem to be as substantial as what has been experienced by Home Depot, Kmart, Dairy Queen, and others; however, it is serious for those customers that have had their credit card information stolen and discovered fraudulent activity on their accounts
Based on the initial information available on the breach, all signs are pointing to the now infamous malware known as Backoff. This malicious software that targets point-of-sale systems at major retailers was reported by the Department of Homeland Security back in July 2014 when they warned that more than 1,000 U.S. businesses may have been affected.
As these security incidents continue to occur, they bring heightened awareness to the fact that organizations need to take security precautions in every facet of their operations, especially with their IT environments. Code Dx offers software assurance solutions to help ensure that the applications you build or buy are void of any vulnerabilities. For more information on Code Dx, contact us at firstname.lastname@example.org or at (631) 759-3993.