Staples Says Data Breach Affected 1.16 Million Payment Cards

Staples Inc. provided on Friday an update to the findings of its investigation into the data-security incident that allowed access to customer payment information for about a month through mid-September. The office supply retailer said malware was deployed to some point-of-sale systems at 115 of its more than 1,400 U.S. stores, affecting about 1.16 million payment cards. From Aug. 10 through Sept. 16, the malware allowed access to cardholder names, payment card numbers, expiration dates and card verification codes at 113 stores, the company said. It also allowed access to data from purchases at two stores from July 20 through Sept. 16. Staples stock slipped 0.6% in after-hours trade. The stock has gained 10% this year through Friday's close, compared with a 6.8% gain in the SPDR S&P Retail ETF and a 12% rise in the S&P 500.

Copyright © 2014 MarketWatch, Inc.