Staples: Hack May Have Compromised One Million-Plus CC’s

CommanderFrank

Staples has announced that customer data at 115 Staples stores across the US has been compromised and could have affected over a million customers. When the breach was first discovered, Staples played down the extent and grossly underestimated the scope of the compromise.

The malware may have allowed access to transaction data including cardholder names, payment card numbers, expiration dates, and card verification codes, for purchases made between Aug. 10 and Sept. 16, Staples said Friday.
 
Time to enact consumer protection regulations that specify a specific and prompt notification period with criminal penalties for each violation.
 
So off the top of my head that makes Target, Home Depot, K-Mart, and now Staples as stores with compromised systems, at least in the last couple of years. Am I missing any? Man, I'm tired of changing credit cards.
 
What the hell is going on? These companies need to be held liable for this, it's getting pretty ridiculous that they skimp so much on security.

And I just bought something from Staples the other day too.... though they only say it was in the US, are the Staples in Canada ok? I would imagine they all use the same systems/database though.
 
Inevitably, every B&M retailer is going to get compromised. Methinks that none of them have bothered to assess and upgrade their security for years. The only time that any of these companies bother to do shit is when their profit is affected.
 
Time to enact consumer protection regulations that specify a specific and prompt notification period with criminal penalties for each violation.
Disagree, time to enact consumer protection regulation that holds business financially responsible for any losses or inconvenience held for keeping credit card information for a time period that exceeds the amount of time it takes them to get paid from the credit card company... so like 5 seconds.
 
Disagree, time to enact consumer protection regulation that holds business financially responsible for any losses or inconvenience held for keeping credit card information for a time period that exceeds the amount of time it takes them to get paid from the credit card company... so like 5 seconds.
Why do they still need to keep any of that data? Why not just use a system like Apple Pay and others that generate a unique code for the transaction and only store that code, which would be of no use at all to any hacker?

And why the he11 do we still have CCs without security chips or biometric data, what is this 1979?
 
Why do they still need to keep any of that data? Why not just use a system like Apple Pay and others that generate a unique code for the transaction and only store that code, which would be of no use at all to any hacker?

And why the he11 do we still have CCs without security chips or biometric data, what is this 1979?
I don't know, the only time I felt it remotely useful is at places like Home Depot where if you lost your receipt they can look up the purchase with your credit card info... that said, why that shit isn't massively encrypted is beyond me.

But data breaches of all kinds infuriate me, the first one I got a letter for was UC Berkeley being told a laptop with my data was stolen so there might be identity theft issues. 1) Why was this info on a laptop? 2) this was over a year after I applied there 3) Fuckers rejected me, so why the fuck did they keep all my information?
 
I don't know, the only time I felt it remotely useful is at places like Home Depot where if you lost your receipt they can look up the purchase with your credit card info... that said, why that shit isn't massively encrypted is beyond me.

But data breaches of all kinds infuriate me, the first one I got a letter for was UC Berkeley being told a laptop with my data was stolen so there might be identity theft issues. 1) Why was this info on a laptop? 2) this was over a year after I applied there 3) Fuckers rejected me, so why the fuck did they keep all my information?

Because,

1) It's free.
2) There are no repercussions of any type.
3) Universities are big business and enjoy the power they wield.
 
Staples started using apple pay after they removed the malicious software.
 
You can use one-time credit card numbers online or not save your info, but at B&M stores you don't have many options. I'm sure credit card companies have made a calculated trade-off in terms of eating the cost of fraud vs rolling out chip and PIN.
 
I'd like to add, as some do not know why they are storing the card information: well, I'd like to tell you they are not (well, not for long anyway; it's in the POS RAM for like 5 seconds, but that's all you need really).

The issue is that the POS/network itself has been compromised, so when someone pays for something the hacker gets it before it's encrypted, as it's reading the info directly from RAM, saving it, and sending it to themselves once they get enough people's information.

The company is not saving any of your card information; they are scraping the info directly from RAM (malware).

This is most likely the same way the breach that happened later this year got full access to their network, when they managed to get into the network via the HVAC VPN (why that system is not isolated is not funny; the POS network should be isolated via VLAN, it's not that hard to do). It will most likely be the same thing, where the POS systems were not on their own VLAN network (a £100 managed switch can do it).

If the USA had moved to Chip and PIN 10 years ago like the rest of the world, this would have only affected a limited number of people; if this was a website hack then you still would have had to change your cards anyway.
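Added example, not part of the thread and not any retailer's actual tooling: a check over flow records for the two segmentation failures the post above describes, namely traffic entering the POS VLAN from another network (such as an HVAC vendor VPN) and POS terminals sending data anywhere other than approved destinations. The subnets, the allowlist and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions, not taken from the thread).
POS_VLAN = ipaddress.ip_network("10.20.0.0/24")    # registers only
HVAC_VLAN = ipaddress.ip_network("10.40.0.0/24")   # vendor VPN lands here
# The only (network, port) pairs POS terminals are expected to reach.
POS_EGRESS_ALLOW = [
    (ipaddress.ip_network("203.0.113.0/28"), 443),  # payment processor
    (ipaddress.ip_network("10.20.0.0/24"), 443),    # in-VLAN store controller
]

# Constructed flow records, one per line: "src dst dport".
SAMPLE_FLOWS = """\
10.20.0.11 203.0.113.5 443
10.40.0.7 10.20.0.11 445
10.20.0.12 198.51.100.77 21
10.30.0.9 10.30.0.1 53
10.20.0.11 10.20.0.2 443
"""

def parse_flows(text):
    """Yield (src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        src, dst, dport = parts
        yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)

def egress_allowed(dst, dport):
    return any(dst in net and dport == port for net, port in POS_EGRESS_ALLOW)

def segmentation_violations(text):
    """Return flows that cross the POS VLAN boundary in a way the plan forbids."""
    findings = []
    for src, dst, dport in parse_flows(text):
        if dst in POS_VLAN and src not in POS_VLAN:
            # Anything reaching a register from outside its VLAN is a finding.
            kind = "hvac-to-pos" if src in HVAC_VLAN else "inbound-to-pos"
            findings.append((kind, str(src), str(dst), dport))
        elif src in POS_VLAN and not egress_allowed(dst, dport):
            # A register talking to an unlisted destination is a finding.
            findings.append(("unapproved-pos-egress", str(src), str(dst), dport))
    return findings

if __name__ == "__main__":
    for finding in segmentation_violations(SAMPLE_FLOWS):
        print(*finding)
```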
 
What the hell is going on? These companies need to be held liable for this, it's getting pretty ridiculous that they skimp so much on security.

And I just bought something from Staples the other day too.... though they only say it was in the US, are the Staples in Canada ok? I would imagine they all use the same systems/database though.

What is going on? They are run by old outdated buffoons who don't understand security. Notice that the companies hacked are all old standby brick and mortar companies? You don't hear about Amazon, Newegg, MS, Apple, etc... getting hacked. In fact I would bet they are probably all outsourcing their processing and databases and it's to similar companies.

Also I wish people would stop blaming chip and pin, the difference is the USA more than any other market has the biggest and most entrenched credit card system. Changing other countries over to chip and pin wasn't hard because those countries were not major credit card users anyway. Changing the world's biggest economy that had nearly a 20 year head start on credit card processing over is not some easy process, it's not even about the CC companies, it's about the millions of small to mid-sized businesses that don't want to trade out expensive equipment. It's similar to why the USA, which had the fastest broadband first, has a hard time keeping up with those deploying it later, or why we stick to the English measurement system. It's just a massive undertaking to make the switch, very expensive and the CC companies have to think seriously about it because most businesses in the USA would love to get rid of CC processing and its fees if they could anyway.
 