Staples Inc., the largest U.S. office-supply retailer, said 1.16 million payment cards may have been affected in a series of data breaches that occurred from July into September.

The theft occurred after criminals deployed malware on point-of-sale systems at 115 of Staples' 1,400 U.S. stores, the Framingham, Massachusetts-based company said Dec. 19 in a statement. The company disclosed in October that it was investigating a potential breach.

Staples is among a growing number of retailers that have had card systems compromised by hackers. Target Corp. was among the first to disclose such an attack, about a year ago, and since then Home Depot Inc., Sears Holdings Corp.’s Kmart chain and Neiman Marcus Group Ltd. have said they’ve been struck.

The Staples breach is smaller than the previous incidents at Home Depot and Target. At Home Depot, the world’s largest home-improvement chain, data for 56 million cards and 53 million e-mail addresses were compromised. Target’s breach included details for 40 million cards and 70 million addresses, phone numbers and other information.

Staples is offering free identity protection services and a free credit report to customers who used a payment card at any of the affected stores during the relevant time periods.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry