Staples announced on Friday that malware infected its point-of-sale systems at 115 of its 1,400 U.S. retail stores, possibly affecting roughly 1.16 million payment cards.
Affected data includes cardholder names, payment card numbers, expiration dates and card verification codes, according to the release, which adds that Staples has taken steps to eradicate the malware.
Various locations were affected in Alabama, Arizona, California, Connecticut, Delaware, Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Maine, Maryland, Massachusetts, Michigan, Missouri, Montana, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Vermont, Virginia, Washington, West Virginia and Wyoming.
Most stores were affected from Aug. 10 to Sept. 16, although the dates vary, according to a list of impacted locations.
Staples is offering free identity protection and credit monitoring services to customers who used cards at affected locations.
