Citing an unnamed source close to the investigation, technology journalist Brian Krebs reported on Monday that malware found in Staples stores was observed to be communicating with command-and-control networks used by attackers in the Michaels payment card breach.

Staples said in October that it is investigating a potential issue involving credit card data, shortly after Krebs reported on a pattern of credit and debit card fraud being linked to the office supplies retailer.

Mark Cautela, a Staples spokesperson, told Krebs in a statement that malware used in the intrusion is believed to have been eradicated, but an investigation is still ongoing into whether or not transaction data has been compromised.

Michaels confirmed in April that malware compromised point-of-sale systems, impacting about 2.6 million payment cards from Michaels outlets, and about 400,000 payment cards from Aarons Brothers stores, a Michaels subsidiary.