• For Enquiry
  • 847-868-9253
  • 847-868-9208
  • Home
  • Why Choose CIO Landing?
    • Our Team
    • Success Stories
    • ‘8 Things’ We Do Better
    • Partners & Certifications
    • Our Services
  • Industry Expertise
    • Manufacturing
    • Medical
    • Education
    • Financial Services
    • Non-Profit
    • Law Firms
  • IT Solutions
    • Co-Managed Service
    • Managed IT Services
    • IT Support
      • On Demand Services
      • Office Moves & Wiring
      • Security
    • Server Management
    • Backup & Disaster Recovery
    • Cloud Services
    • CIO & IT Consulting
    • Cybersecurity Services
    • VoIP
    • Managed Firewall
    • Microsoft 365
      • Microsoft 365 Plans
        • Small Business
        • Enterprise
        • Education
    • Hardware & Software Sales
    • Email & Spam Protection
  • Resources
    • Free Copy Of New Book
    • Blog
    • Newsletter
    • Video Tips
      • Video Tips Archive
    • Free Cloud Report
    • IT Buyers Guide
    • Cybersecurity Crisis Report
    • Network Audit
    • COVID 19 Resources
    • In The NEWS
    • Online Training
  • About Us
    • Our Mission
    • Leadership
    • Teams
    • Referral Program
    • Press Releases
      • CIO Landing: More Than Just an IT
      • Small businesses can have an IT department too
      • CIO Landing, Inc. has joined forces with Banc Certified Merchant Services (BCMS).
    • Affiliations
    • Careers
      • Job Descriptions
    • FAQs
    • Causes We Support
    • Privacy Policy
    • Terms & Conditions
  • Locations
    • Northfield, IL
    • Northbrook, IL
    • Chicago, IL
    • Miami, FL
  • Support
✕
Nvidia Gets In The CPU Game With ARM Purchase
September 26, 2020
Data Breach Of Department Of Veterans Affairs
September 29, 2020

Staples May Have Exposed Some Of Its Customer Data

September 28, 2020

If you’re a customer of US retail chain Staples, you may have recently received a notification from the company regarding a problem with their Order Tracking system.

According to information in the notification, the data was left exposed due to insufficient protections of the data stream accessed when a customer clicked to review their current and past orders.

The company stressed that to this point, there is no evidence that any exposed data has been accessed by third parties and no unauthorized purchases have been detected.

Although the company has now fixed the issue, the lack of specifics in the company notification led to speculation that the company may have been hacked. This speculation was given teeth by a recent tweet from the threat intelligence company, Bad Packets. They revealed that Staples was slow to patch a number of their Pulse Secure VPN servers, which were vulnerable to CVE-2019-11510.

Although the company has neither confirmed or denied the claim made by Bad Packets, the company outlined an all too plausible way that a hacker could have accessed order data, including the order’s shipping address.

Here’s how that could have happened:

Staples’ order tracking portal allows you to enter in your zip code and order number to track your package, but the order numbers are sequential. So starting with an exposed order number, a hacker could access the route of a package to the city and state, which would give them a short list of possible zip codes. Trial and error would do the rest, and the hacker would end up with your name, address, and at least some information about how you paid for the purchase, although payment card information itself would not have been exposed.

In any case, it’s all speculation and the issue has been fixed. Out of an abundance of caution, if you are a Staples customer, keep a watchful eye out on the payment card you use to make purchases from the company, and track your existing orders more closely to be sure you get everything you paid for.

Share
79
taylor
taylor

Related posts

March 10, 2025

The Hidden Threat: How Gift Card Scams Are Targeting Businesses Like Yours

Read more
February 11, 2025

CIO Landing Named to CRN’s MSP 500 List for 2025—For the Third Year in a Row!

Read more
December 4, 2024

Unlocking the Power of Windows 11: Tips for Maximum Productivity

Read more
© 2025 All Rights Reserved | Powered by CIO Landing