Multiple banks have traced fraudulent transactions to payment cards that were used at Staples office supply locations in the Northeastern United States.
Staples officials have contacted law enforcement about “a potential issue” the company is investigating.
It is believed the payment terminals at some stores might have fallen victim to card-stealing malicious software that lets thieves clone credit cards that customers have swiped.
Staples has more than 1,800 stores nationwide, but so far the shady charges have only matched up with a group of cards that had previously been used at a small number of locations.
The illegal charges occurred at non-Staples businesses, such as supermarkets and other big-box retailers.
Fraudsters likely extracted customer card data from a subset of Staples locations, including seven in Pennsylvania, at least three in New York City, and another in New Jersey.