Staples investigates data breach; Moscow cleared of JPMorgan hack

Office supply retailer Staples has become the latest firm to reveal that it is investigating a possible data breach that could leave customer payment card details at risk.

The company was jolted into confirming that it has called in law enforcement by a report from security blogger Brian Krebs which disclosed that banks have identified fraud patterns indicating that several of its outlets in the north east of the US have been hit by hackers.

The possible breach is the latest in a long line at some of the biggest retailers in the US over the last year. It is nearly a year since the Target attack first came to light, since when Neiman Marcus, Home Depot and, most recently, Sears-owned Kmart have all admitted their own breaches.

The spate of attacks has given urgency to the US's adoption of EMV chip technology. On Friday Barack Obama did his part, signing an executive order mandating the use of chip and PIN at executive departments and agencies for card payments.

Meanwhile, authorities are trying to find the culprits behind the attacks. In the case of one breach, at JPMorgan Chase, the FBI and Secret Service have now ruled out a potential hacker - the Russian government.

Speculation that Moscow may have been behind the attack - which saw the personal information of more than 80 million customers stolen - bubbled up in August as tension between Russia and the US grew over the Ukraine crisis. However, authorities now think that common cybercrooks were responsible.

With cybersecurity now a huge priority for the financial services industry, the US securities trade body Sifma has set out its own recommendations on what the industry and government can do to tackle the problem.

Sifma is calling on the government to embrace its responsibility to protect the business community and to listen to the industry when developing agency guidance. Despite insisting it takes the threat seriously, the body says that the resources of firms must be considered when guidance is shaped and that it must be "flexible, scalable and practical". Concerns about secrecy are also aired, with the paper insisting that information sharing is limited to "respect firms' confidences".

The US government is facing plenty of fire from hackers itself, figures from its accountability office show. Federal agencies reported 48,562 cybersecurity incidents in 2012, up 782% on 2006. The office's Watch Blog notes that 24 federal agencies had information security weaknesses in key control categories such as supply chain issues.

Comments: (1)

A Finextra member, 21 October, 2014, 18:07

The USA is now subject to market compression.... as one of the last places that fraudsters can easily collect large numbers of card numbers that can then be used either online or in a white plastic format, it is inevitable that the Crims will gather for a final feeding frenzy before EMV is implemented...

Even naysayers against the business case for EMV are coming round, the watermarked mag stripes and other interim defence measures are being thrown away as the US Cards industry runs for EMV cover. Let's hope the costs in consumer confidence are not too high and that the US Industry realises that CATs are one of the benefits that EMV can bring to help pay for the changeover