SAN FRANCISCO ( TheStreet) -- Staples (SPLS) announced Friday that cyber thieves may have compromised the credit cards of 1.16 million of its customers, a disclosure that comes on the eve of the last shopping weekend before Christmas. Whether the timing of this news puts a dent in customers' shopping behavior at such a critical time has yet to be seen.
Back in October, Staples acknowledged it was investigating a potential malicious security breach of its cash registers. But at the time it didn't release the extent of the attack.
On Friday it released greater detail. The office supply retailer announced that malicious software was put on its point-of-sale systems at 115 of its U.S. retail stores. With this hack attack, cyber thieves were able to access information on credit card transactions and put that knowledge to use.
Staples, in its FAQ, stated:
For 113 of the 115 affected stores, transaction data may have been accessed for payment cards used from August 10 through September 16, 2014. For the remaining two stores, transactions from July 20 through September 16, 2014 may have been accessed.
Additionally, during our investigation we received reports of fraudulent payment card use related to four stores in Manhattan, New York at various times from April through September 2014.