Staples Confirms Breach; Home Depot Reports Breach Costs
In an SEC filing, Staples admitted it was the victim of a data breach. In its latest earnings report, Home Depot quantified its breach costs for the period.Staples can now officially be added to the growing list of retailers that have publicly admitted this year that their systems were attacked and customer data was breached. In Staples 10-Q filing with the U.S. Securities and Exchange Commission (SEC), the company provided a few details about the attack against its systems. "The company is currently in the process of investigating a data security incident involving an intrusion into certain of the company's retail point-of-sale and computer systems," the Staples 10-Q states. Staples has not identified how many stores or customers may be impacted by the data security incident. It's also unclear how Staples was attacked though the retailer does indicate in its 10-Q that malware was involved. Retail point-of-sale (POS) malware has been a large threat in 2014. In July, the U.S. government first warned about Backoff malware, which is now thought to have impacted more than 1,000 retailers across the United States. Other POS malware that has impacted U.S. retailers includes FrameworkPOS and BlackPOS. In its 10-Q, Staples did not specifically identify the POS malware that it has eradicated from its systems.
At this point in the investigation, Staples has not yet put a price on the cost of its data security incident.