Kaja Whitehouse

USA TODAY

Staples on Friday said cyber criminals may have compromised 1.2 million customer cards.

On Friday, Staples gave an update to a data breach announced in October, saying criminals deployed malware to point-of-sale systems at 115 of its more than 1,400 U.S. retail stores.

Staples said its investigation revealed that the malware may have allowed the criminals access to transaction data "including cardholder names, payment card numbers, expiration dates, and card verification codes."

At 113 stores, the malware may have allowed access to this data for purchases made from August 10 through September 16, 2014, Staples said.

At two stores, the malware may have allowed access to data from purchases made from July 20 through September 16, 2014.

Overall, the company believes that approximately 1.16 million payment cards may have been affected.

Its the latest in a long line of data breaches at national retailers. Target suffered a 2013 holiday shopping data breach that affected 40 million customer credit and debit cards. Home Depot, meanwhile, recently said some 56 million customer cards may have been compromised following a five month attack on its network, which involved the criminals entering with a third-party vendor's user name and password.