Staples: Breach May Have Affected 1.16 Million Customers' Cards

mpicpp writes with this excerpt from Fortune: Staples said Friday afternoon that nearly 1.16 million customer payment cards may have been affected in a data breach under investigation since October. The office-supply retailer said two months ago that it was working with law enforcement officials to look into a possible hacking of its customers' credit card data. Staples said in October that it had learned of a potential data theft at several of its U.S. stores after multiple banks noticed a pattern of payment card fraud suggesting the company computer systems had been breached. Now, Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers' names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between August 10 and September 16 of this year. At the remaining two stores, the malware was active from July 20 through September 16, the company said.

Honestly

I'm beginning to believe no one has a fracking clue about IT security, that no one understands that security is a process, not a product, that audits are conducted weekly, monthly, yearly with documentation to show findings, changes, what works, what doesn't.

I'm honestly thinking about taking cash from the bank and using that for all my purchases -- using the Dave Ramsey envelope technique I used to get out of debt a decade ago -- until the people that run these companies get a clue about how to run a business with a modicum of common sense. If Walmart can keep safe, anyone can. Really.