Office supply company Staples released a statement Friday regarding the data breach that affected payments systems at some of its stores, saying about 1.16 million payment cards were potentially affected by the attack.
The breach came to light in late October, when banks noticed a pattern of fraudulent credit and debit card transactions among cards that had been used at some Staples stores. In its most recent update on the incident, Staples confirmed the breach occurred at 113 of its more than 1,400 U.S. locations from Aug. 10 to Sept. 16 this year. At two stores, the attack dates back to July 20. Additionally, Staples’ investigation uncovered fraudulent card use related to four stores in New York City between April and September 2014, but those stores do not appear to have been affected by malware.
“If the bulk of this is credit cards, you really don’t need identity theft insurance,” said Adam Levin, identity theft expert and chairman and co-founder of Credit.com. Getting a new card should be protection enough, Levin said, but get the free services anyway. “I always urge people, if they’re offering something that will monitor your credit and they’re offering something that will help you in the event you’re a victim of identity theft, take it.”
If you’re a Staples customer and haven’t yet checked your credit and debit card statements for signs of fraud, you should do that, and request a new card from your issuer if necessary (that is, if they haven’t already done so). The company posted a list of affected locations, and people who shopped at those stores within the dates specified will have access to free credit monitoring, identity theft insurance and a free credit report, the statement says.
The malware that allowed access to the card data may have taken cardholder names as well as card numbers, expiration dates and security codes, the statement says. Affected customers should mainly be concerned about unauthorized transactions, which can be very damaging if not quickly identified and stopped.
It’s a good idea to check your credit and debit card activity regularly, even daily, so you can report fraud as soon as possible. The sooner you spot fraud, the faster you can address it and the less likely it is to affect your financial situation or credit standing. Fraud liability varies by card type and how quickly you report it, Levin noted, so vigilance is crucial.
Monitoring your credit score is another way to catch fraud, because your score will likely drop if someone is running up debt in your name. You can see two of your credit scores and get a credit report summary for free on Credit.com, which can help you spot fraud.
If you get a new credit or debit card, don’t forget to update any automatic payments that are charged to the card. It can be easy to forget to do this, but such an oversight could cause you to miss important bill payments, potentially leading to late fees. Whoever you owe might even send the unpaid balance to a debt collector, so try to take care of everything stemming from the unauthorized activity as quickly as possible.
More on Identity Theft:
- Identity Theft: What You Need to Know
- 3 Dumb Things You Can Do With Email
- How Can You Tell If Your Identity Has Been Stolen?
Image: Anthony92931, via Wikimedia Commons