Office supply retailer Staples is the latest major business to suffer a security risk.  It is estimated that private account information of more than one million of its customers might have been exposed by a malware attack which occurred during late summer of 2014. The malware appears to have been installed in the point-of-sale systems atmore than one hundred locations.  Customers whose accounts were affected can request free identity protection services from Staples.  Staples has also stated that these customers will not be liable for fraudulent charges.
Staples is just one of quite a few victims in the past year or so:  retailer Target Corp. suffered the largest data breach in history in late 2013 when tens of millions of its customers’ information was put at risk.  In September,tens of millions ofcustomers of national home-improvement supplier Home Depot also had their payment card data stolen over the course of several months. During the same month, sandwich chain Jimmy John’s customers at over two hundred of its restaurants may have had their credit card information exposed.  Other large companies affected by credit card breaches during this period have included financial giant JPMorgan Chase & Co., retailer Kmart, luxury retailer Neiman Marcusand craft store Michaels.
Credit card companies are taking steps to address these risks.  For example, retailers and banks in the United States are beginning to convert their customers from magnetic-stripe credit and debit cards to cardscontaining chips which generate unique codes to secure every transaction. These EMV (i.e., “Europay, MasterCard and Visa”)smart cards are already prevalent in many foreign countries.  Similarly, the iPhone 6 application known asApple Pay makes secure payments by virtue of the telephone user waving a phone near a card terminal.
Despite these efforts to minimize credit card information breaches, the affected retailers may still have to pay to remedy the damage that has been done.  Recently a District Court judge in Minnesota held that a group of financial institutions can proceed with a lawsuit against Target on the ground of negligence in the December 2013 data breach.According to the plaintiff banks Target “failed to heed warning signs” which would have reduced their losses.