Staples, Inc., a major office supply retailer, has confirmed a cyberattack that disrupted its online order processing and delivery systems on November 30, 2023.
While the company has not yet confirmed whether any data was breached, the nature of the attack suggests that customer information could be at risk.
This incident comes after several Reddit posts emerged on Monday, detailing widespread internal issues at Staples, including inaccessible employee portals, email outages, and non-functional phone lines.
On November 27, Staples Inc.’s cybersecurity team identified a cybersecurity risk and took immediate action to mitigate its impact.
Unconfirmed reports suggest that the attack may have been more significant than initially revealed.
Some sources claim that Staples employees were instructed to avoid logging into Microsoft 365 using single sign-on (SSO) and that call center employees were sent home for two consecutive days.
While the company declined to comment on these specific reports, the widespread disruption suggests a potentially serious incident.
Here’s what we know so far:
- Date of incident: November 30th, 2023
- Type of Attack: The cyberattack occurred during the critical Cyber Week sales period, impacting customer experience.
- Affected systems: Online order processing and delivery systems were disrupted and Customer support channels were also impacted.
- Impact: Temporary suspension of online orders, delays in order fulfillment, limited customer service availability
- Data breach: The company has not yet confirmed whether any data was breached, but the possibility exists.
- Status: Systems being restored, full functionality expected soon
- Recommendations: Visit local store for immediate needs, check website for updates
- Staples is investigating the incident and expects to return to full functionality soon.
What should you do if you are a Staples customer?
- Monitor your credit card statements and bank accounts for any suspicious activity.
- Change your passwords for any online accounts that you use with Staples.
- Be cautious of phishing emails or other attempts to steal your personal information.
- If you believe that your information has been compromised, contact Staples and your bank immediately.
Similar Incidents in the Past
This is not the first time that Staples has been impacted by a cybersecurity incident. In September 2020, Essendant, a Staples-owned wholesale distributor, had to pause operations in March 2023 because of a multi-day, network-wide outage.
According to Galactic Advisors reporting, the system disruption at Essendant prevented customers from placing orders online or contracting the company’s customer care unit. It was later reported that a ransomware attack was behind the outage.
It is important to note that the situation is still developing, and more information may be released in the coming days and weeks. Staples retail stores continue to operate normally.
The company should conduct cybersecurity awareness programs to its employees.
We encourage you to stay updated on the latest news and take steps to protect your personal information.