Staples faces online order disruptions because of a cyberattack

Staples, an American office supply company, has shut down important networks following a breach earlier this week. The step was taken to protect consumer data and lessen the effects of the attack.

In the US and Canada, Staples oversees a vast network of 994 stores. To enhance its retail presence, the firm has 40 fulfilment centres that are strategically positioned to ensure effective countrywide product storage and delivery.

The office supply company apologised to its customers for any inconvenience. A new service statement on the main website carried the apology.

Staples home page displays an apology (Staples)

Staples is currently resolving technical issues affecting its systems, with a return to regular operations expected soon. The company will then investigate any effects on customer or staff data.

The Staples Inc. cybersecurity team discovered a serious vulnerability issue on November 27, 2023. As a result, Staples moved quickly to protect consumer data and lessen the effects of any possible attack.

Data breach notification letters will be issued to anybody impacted by the recent security incident if sensitive information is discovered to have been compromised.

Staples is presently recovering from a hack, so customers may have “slight delays” getting their products. Rest assured that this vendor is dedicated to swiftly completing all orders.

Staples has not responded to a request for comment, raising doubt about the potential loss of consumer data. Nonetheless, staff members at the office supply company disclosed on Reddit that the cyberattack was so severe that it prevented access to a number of internal IT systems.

The disclosure follows many Reddit postings revealing numerous internal working issues at Staples. Users reported being unable to use Zendesk or VPN employee portals, print emails, use phone lines, and more.

An employee at Staples posted on Reddit:

Everything is still down. I work in store and we have no access to email, bizfit, pogs, ehelp desk. DM said they were fixing it over night last night but obviously nothing was fixed. This is nuts. I have never seen anything like this in my 20 years with Staples.

According to unconfirmed allegations, Staples workers have been advised not to log into Microsoft 365 via single sign-on (SSO). There is also evidence that contact centre workers have been ordered to work remotely for two days in a row. The exact reasons for these orders are unknown, and the source of this information has yet to be confirmed.

Staples has not verified any data breaches so far. However, given the nature of the intrusion, it is possible that hackers accessed files holding private employee or customer data. It is critical to resolve this lack of clarity as soon as possible to provide transparency and to address any potential issues.

Staples has not yet launched an inquiry into the incident’s possible impact on classified data. However, once the company has restored its systems, it is quite likely that it will investigate the possibility of a data breach.

Staples locations remain open and running. Orders placed on staples.com, on the other hand, may be delayed due to current difficulties with linked systems.

In addition, the spokesperson said:

All of our systems are in the process of coming back online, and we expect to return to normal functionality in short order. We may experience slight delays in the interim but expect to ship all orders that have been placed.

Although the incident did not involve the use of ransomware and the files remained unencrypted, it is important to remember that encryptors are typically the final payload in a ransomware attack. Staples’ quick response, which included the immediate closure of networks and VPNs, most certainly stopped the attack before it could go further.
