Staples, a retail superstore giant, has confirmed some of its IT systems had to be taken offline after a “cyber incident” was identified and partially contained.
The incident, which experts believe is a data-extortion ransomware attack, caused temporary disruption to the staples.com processing and delivering capabilities and the company’s communications channels and customer service lines.
Staples didn’t immediately respond to a request for comment, making it unclear if any customer data was stolen. But on Reddit, employees at the office supplier reported that the attack was bad enough to shut down access to several internal IT systems, including the corporate VPN.
The Framingham, Mass. company, which runs a chain of stores throughout the U.S., posted a brief note to its home page acknowledging the incident:
As per the statement, We took proactive steps in an effort to mitigate the impact and protect customer data. Our prompt efforts caused temporary disruption to the staples.com processing and delivering capabilities, as well as to our communications channels and customer service lines.
We apologize for the inconvenience, and rest assured, all of our systems are in the process of being restored. We expect to return to full functionality in short order.
Details of the incident remain scarce, but security experts say it has all the hallmarks of a company scrambling to reduce the fallout from a cyberattack from a professional ransomware gang.
Staples says all of its retail stores remain open and are operating normally. The company runs about 990 brick-and-mortar locations across the US.
