Staples informed some of its customers through a notification letter that data related to their orders have been accessed without authorisation.
Staples informed some of its customers through a notification letter that data related to their orders have been accessed without authorisation.
Staples
Staples is an American office retail company primarily involved in the sale of office supplies and related products, via retail channels and business-to-business (B2B) oriented delivery operations.
The company has not yet disclosed the incident publicly and alerted affected customers individually over email.
According to BleepingComputer, the incident occurred around September 2 and consisted of unauthorised access to a system belonging to Staples.
The company has sent a notification letter signed by Staples Inc. CEO Alexander `Sandy’ Douglas provided an outline of the incident.
Security Researcher Troy Hunt received the notification in a data breach report.
The letter states that there was an unauthorised access to a `limited amount’ of non-sensitive customer data. The non-sensitive data includes name, address, email, phone number, last four digits of the payment card, and information about the cost, delivery and product order.
The information exposed can still cause scams via email or phone call or can also gather up more information for a better-prepared attack.
Douglass also states that account credentials and full payment card data remained unaffected by the incident and that there is no evidence to point to unauthorised purchases on the customer’s behalf.
To learn more, the recipients of the data breach notification can contact Staples directly by calling during business hours. They should choose option 3 to speak to a company representative.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?