Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 29 November, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Staples latest retailer to investigate payment card data breach

by The Gurus
September 10, 2020
in Editor's News
Share on FacebookShare on Twitter

Staples has said it is investigating a possible breach of payment card data.

Following other retailers including Target, Home Depot, Kmart and Dairy Queen, Staples said it has contacted law enforcement about the matter and is in the process of investigating a potential issue involving credit card data.

Company spokesman Mark Cautela said in a statement, published by Reuters, that it takes the protection of customer information very seriously, and is working to resolve the situation.

Cautela said: “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”

The story was initially discovered by security blogger Brian Krebs, who said that multiple banks in the Northeastern United States identified a pattern of credit and debit card fraud, suggesting that several branches of Staples were currently dealing with a data breach. According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.

Charles Sweeney, CEO of Bloxx, said: “Staples is possibly the next in a long list of US retailers to have fallen victim to a hack that would see its customer’s card details compromised. There appears to be a definite trend emerging, with hackers clearly viewing the retail industry as easy pickings.

“Cyber criminals constantly adapt their attack strategies. It is therefore very important that retailers ensure they are creating a dynamic and responsive security environment that can stand up to sustained and persistent attacks.”

Mark Bower, VP product management at Voltage Security, said that this could be another situation where point of sale (POS) malware has been pushed down to a few stores during a POS patch to add new features, or software upgrade cycle, resulting in compromise.

He said: “This seems to be a possible common thread among recent breaches, enabling attackers to propagate malware to many endpoints, though of course this is speculative based on limited data on this particular scenario.

“If malware gets into the POS and steals track or card data directly in memory, then nothing can be done in the POS to mitigate. Tokenization of card data directly in the POS, which is sometimes suggested as a defence, would not achieve anything and worse, possibly expose an open tokenization interface itself to the attacker which could lead to higher levels of compromise.

“The current crop of malware in the POS, like BlackPOS, steals track data as it arrives into memory instantly. Once grabbed, its game over as the data makes its way out to the malware controllers. Tokenization is only useful when combined with encryption in specially designed card reading equipment for secure end-to-end data capture to eliminate live data in vulnerable systems.

“It will be interesting to see how this breach unfolds. In all probability, I would hazard a guess it was quite avoidable through contemporary encryption meas
ures. Other large retailers who have suffered major breaches have already shifted gears to adopt such methods, based on years of success with their early-adopter peers who’ve not had a single incident since deployment.”

FacebookTweetLinkedIn
Tags: BreachdataPayment CardStaples
ShareTweet
Previous Post

China linked to iCloud and Windows account hijacking

Next Post

Black Hat EU 2014

Recent News

Laptop, phone, hands

40% of Cybersecurity Departments Want More Budget to Upskill Employees

November 24, 2023
AI Receives £500 Million Funding in Finance Minister’s 2023 Autumn Statement

AI Receives £500 Million Funding in Finance Minister’s 2023 Autumn Statement

November 24, 2023
Half of Cybersecurity Professionals Kept Awake By Workload Worries

Half of Cybersecurity Professionals Kept Awake By Workload Worries

November 24, 2023
Cyber Mindfulness Corner Company Spotlight: Pentest People

Cyber Mindfulness Corner Company Spotlight: Pentest People

November 23, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information