I am willing to bet this retail giant is hoping to put a pin, or a staple, in their major data breach…


 

Friday, September 18th, 2020

Hello readers, I am proud to say we’ve made it to Friday once again! And why not celebrate with jokes about cyber attacks and staples? All right I get it, that joke at the top might be a stretch, but it is a great way to introduce our 30th cyber attack of the week.

This week, CPG is taking a look at the cyber attack on Staples. The office supply giant recently disclosed a data breach that put a large number of customers at risk. 

Let’s dive into the 30th installment of the cyber attack of the week series

 

Staples – That Was Easy

To begin, let’s start with some background on today’s victim, Staples

Staples Inc. is an American office retail company. It is primarily involved in the sale of office supplies and related products, via retail channels and business-to-business-oriented delivery operations. (Via Wikipedia)

Further, I’m sure at one time or another, you may have set foot in one of their many storefronts or purchased items online. Whether you bought a notepad, printer ink or a laptop, this company provides a wide variety of items for sale, earning them a large customer base. 

Overall, that is why when you hear about a company as large as Staples fighting a cyber attack, concern is warranted. 

 

The Attack

Moving on, Staples reported the attack at the beginning of September. Following, security expert, Troy Hunt tweeted the notification letter from Staples on Twitter. 

 


Attackers gained access through a system belonging to Staples. Through this unauthorized access the attackers were able to view what Staples is calling “non-sensitive customer order data”.

This includes items like names, addresses, emails, phone numbers, last four credit card digits, details about the customer’s orders. 

In their statement, Staples goes on to claim that “account credentials or full payment information” did not fall under the breached information. 

 

Next Steps for Staples

Continuing on, at the end of their letter to possibly impacted customers, Staples includes a call to action. While they don’t believe that sensitive information fell victim to the attack, they still want customers to be proactive with their account security. 

The company asks that customers monitor account and statement activity due to the recent breach. The CEO of the company also included a hotline number for questions regarding the breach and the end of the statement. 

Overall, customers should keep an eye on their accounts, as well as update their passwords as an extra security measure. 

In any data breach situation, as an affected customer, it is important to take extra precaution with your account, and continue to monitor statements for any suspicious activity. 

 

By Taylor Ritchey