Staples leaks names, addresses, phone numbers, emails and the last four card digits of millions of users

New information leaks are reported daily by data destruction specialists. Staples, one of the largest office goods sales companies has notified some of its customers that an unauthorized actor accessed the data related to their orders. At the moment there is not much information about it, as the company decided not to publicly acknowledge the incident and alert users by email instead.

The network sent a brief notification to its users signed by Alexander Douglas, its CEO: “We want to let you know that we detect unauthorized access to a limited amount of non-sensitive information about scheduled orders in, which could include data about your orders,” the security alert says.

Experts in data destruction mention that the incident would have occurred on September 2nd, and it was detected a couple of days later.

Troy Hunt, a renowned security researcher, received the report on the data breach and proceeded to analyze the incident, suggesting that the Canadian company’s website was not compromised. 

The company still needs to continue the investigation to determine the exact causes of the incident, although Staples preliminary mentions that potentially compromised data include:

  • Full names
  • Addresses
  • Phone numbers
  • Last 4 digits of bank cards
  • Order details (products, costs, delivery dates)

As in other security incidents, compromised information could be used by malicious hackers to attack users affected by the data breach, as mentioned by data destruction specialists.

In its security alert, Staples emphasizes that the credentials of affected users were not compromised and the full card numbers are also secured. The alert concludes by mentioning users that they can learn more by calling any of the company’s customer service phones.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to visit the International Cyber Security Institute (IICS) website, as well as the official platforms of technology companies.