Privacy Ninja

Staples Discloses Data Breach Exposing Customer Info

Staples Discloses Data Breach Exposing Customer Info

Giant office retail company Stables informed some of its customers that data related to their orders has been accessed without authorization.

Few details are available at the moment. The company has not disclosed the incident publicly and alerted affected customers individually over email.

‘Non-Sensitive Data’ Accessed

It is important to note that Staples’ main business is selling office supplies and related products using retail channels and through business-to-business engagements.

The office retail giant sent out a brief notification letter signed by Staples Inc. CEO Alexander ‘Sandy’ Douglas providing an outline of the incident.

BleepingComputer learned that the event occurred earlier this month around September 2 and consisted in unauthorized access to a system belonging to Staples.

Also Read: How To Check Data Breach And How Can We Prevent It

Security researcher Troy Hunt received the notification in a data breach report. It appears that “a limited amount” of order data for customers of Staples.com – suggesting that the Canadian website is not impacted – was accessed by an unauthorized party. This “may have included information about one of your orders,” the letter reads.

The retailer has yet to determine what exactly got accessed but it could contain what Staples classifies as “non-sensitive customer order data:” names, addresses, email addresses, phone numbers, last four credit card digits, details about the order (delivery, cost, product).

These details, though, can still serve malicious purposes in email or phone call scams, or to collect more information for a better prepared attack.

Douglas stresses in the notification that account credentials and full payment card data remained unaffected by the incident and that there is no evidence to point to unauthorized purchases on the customer’s behalf.

Recipients of the Staples data breach notification can learn more by calling Staples directly during business hours. They should choose option 3 to speak to a company representative.

BleepingComputer has reached out to Staples for a statement and is waiting for a reply. We also called the number included in the notification letter and the specified option is for gift cards and data breach information.

Staples managed to stay out of the news as far as security incidents are concerned since the compromise of point-of-sale systems in 2014 at 115 o its retail stores in the U.S.

Also Read: Basic Info On How Long To Keep Accounting Records In Singapore

Privacy Ninja provides GUARANTEED quality and results for the following CORE SERVICES:

DPO-As-A-Service (Outsourced DPO Subscription)
Vulnerability Assessment & Penetration Testing (VAPT)
PDPA Obligations for Organizational Compliance (SkillsFuture Credit Eligible)

OTHER SERVICES:

PDPA Compliance Audit
Dig
ital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy

PDPA Data Protection Software
Smart Contract Audit


0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Powered by WhatsApp Chat

× How can we help you?