Office supply chain store Staples has acknowledged that nearly 1.16 million payment cards might have been compromised in the cyber attack on the company, which took place earlier this year.
According to the findings of the investigation, Staples detected that hackers installed malware to point-of-sale systems at 115 stores across US.
Staples suspects that the attack exposed data for purchases made between 10th August 2014 and 16th September 2014, and in two of its stores the malware might have affected the system from July.
The office supplier also suspects that hackers might have accessed information regarding payment card numbers, cardholder names and card verification codes.
Information regarding fraudulent payment card usage was also detected during the investigation.
The incident took place from April through September, but the investigation concluded that the activities were not related to the malware.
Staples said in a statement: "As a result, and in light of Staples’ commitment to protecting its customers, Staples is offering free identity protection services, including credit monitoring, identity theft insurance, and a free credit report, to customers who used a payment card at any of the affected stores during the relevant time periods."
The company also announced that it immediately took action after the detection and has asked users who shopped in the affected stores to review their account statements.
Staples added: "Staples is committed to protecting customer data and regrets any inconvenience caused by this incident."
"Staples has taken steps to enhance the security of its point-of-sale systems, including the use of new encryption tools."
