Back in October news of the breach at Staples stores first broke and now more details have been reported by the office supplies store chain.
An update on the Staples website confirms "criminals deployed malware to some point-of-sale systems at 115 of its more than 1,400 U.S. retail stores" and that "approximately 1.16 million payment cards may have been affected" including theft of "cardholder names, payment card numbers, expiration dates, and card verification codes".
The breach covers a period from July through to September. Especially frustrating is the news that a preliminary breach was instigated at 2 stores before a wider attack on 113 stores was made. In other words, had breach detection measures been in place, the attack could have been confined to just 2 locations.
If you can't stop the breach, spot the breach - damage limitation should be part of any PCI breach contingency planning.
Read the full press release from Staples here