Staples, the world's largest office-supply chain, is investigating a potential breach of customer credit-card data, becoming the latest retailer to confront a threat from hackers in recent months.
Staples has contacted law enforcement authorities and is working to resolve the matter, according to Mark Cautela, a spokesman for the Framingham, Massachusetts-based company.
"If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis," he said in an e-mail.
The potential data theft adds to a wave of breaches at companies such as Home Depot, Target Corp., Sears Holdings Corp.'s Kmart chain and Neiman Marcus Group that have put pressure on retailers to bolster security. The Staples incident, reported earlier by independent journalist Brian Krebs, may involve the theft of card information from Staples locations in the Northeast.
At least three stores in New York, seven in Pennsylvania and one in New Jersey may have been targeted, according to unidentified officials at banks in the East Coast cited by Mr. Krebs, who investigates hacker attacks. The fraudulent charges occurred at other businesses such as supermarkets, indicating that cash registers in at least some store locations may have fallen victim to card-stealing malware, Mr. Krebs reported yesterday.
The data-breach probe comes as Staples grapples with a broader retail slump and increased competition from online rivals. In August, the company announced it will shut about 140 locations this year as part of a plan to streamline its operations.
Staples shut 80 outlets in North America in the fiscal second quarter. Net income last quarter dropped 20% to $82 million, or 13 cents a share, as $101 million was spent on closing locations, the company reported in August.
Expansion by Web-based rivals such as Amazon.com has spurred reorganizations across the retail industry, including the merger of Office Depot with OfficeMax.