Cyber criminals have breached Staples' internal data systems, compromising the security of 1.2 million customer cards, the company said in an update on Friday.
Staples announced a security breach in October and have confirmed that suspects used malware at 115 of its United States locations.
"Staples is committed to protecting customer data and regrets any inconvenience caused by this incident," the company said in an announcement, Fortune reports.
"Staples has taken steps to enhance the security of its point-of-sale systems, including the use of new encryption tools."
Investigation of the security breach has revealed that the suspected criminals were able to access information that includes cardholder names, payment card numbers, expiration dates and card verification codes. All of the above information is considered highly-sensitive by federal commerce standards, putting the cardholders at risk of future security breaches.
In response to the attack, the company is offering free identity protection services and assures its customers that they will not be responsible for charges made by the suspects.
Staples, however, is one of several major companies that have been victim to hacking in recent times.
Last year, Target experienced a security breach that impacted 40 million customers through the release of debit and credit card information, USA Today reports. Home Depot has also been hit--56 million cardholders are said to have been compromised following an almost half-year breach.
The company has not released information about who the likely suspects are.
