US office giant Staples is investigating a possible credit and debit card breach of its Northeastern stores.
Evidence for the hack, reported by cybercrime and prolific breach blower Brian Krebs, is apparently based on a dozen fraud monitor sources within different US banks.
Staples has contacted police and said it was investigating the "potential issue".
Only a small number of Staples' 1800 stores are thought to be affected, according to Krebs' sources.
He said fraudsters may have reproduced the cards using cloning malware implanted in Staples registers and cashed out at other retailers.
"We take the protection of customer information very seriously, and are working to resolve the situation," Staples' communications bod Mark Cautela said in a statement, adding that customers would be covered against fraudulent charges.
If a large breach is confirmed, it could see Staples creating fast-tracking security plans for payment systems such as end-to-end encryption, touted by PoS hacker Slava Gomzin as the only answer to the payments breach menace. ®