Data leak
Staples POS Malware Breach - 1.16 Million Payment Cards
Incident Details
Between April and September 2014, POS malware infected point-of-sale systems at 115 Staples store locations across the United States, resulting in the theft of approximately 1.16 million customer payment card records. Staples, an office supply chain, operates over 1,500 stores. The attackers stole Track 1 and Track 2 payment card data (which could be used to create counterfeit cards) for cards used at affected stores between April and September 2014.

The breach was discovered after banks noted patterns of fraudulent card activity at Staples locations. Staples worked with law enforcement and cybersecurity firms to investigate and remediate. Staples disclosed the breach on 20 October 2014 and subsequently confirmed the scope in November 2014. Staples replaced POS terminals at affected stores and worked with payment card networks to notify affected financial institutions.

The breach was part of the wave of retail POS malware attacks in 2013-2014 affecting Target, Home Depot, Michaels, Neiman Marcus, Sally Beauty, and others.
Technical Details
- Initial Attack Vector: Cybercriminals installed POS RAM-scraping malware on point-of-sale systems at Staples office supply stores; the malware captured payment card track data from device memory during transaction processing
- Vendor / Product: Staples office supply stores POS systems
- Malware Family: POS RAM-scraping malware
Timeline
- 2014-04-01 Breach occurred
- 2014-10-20 Publicly disclosed
- 2014-11-20 Customers notified