FRAMINGHAM, Mass. (CBS/AP) — Staples Inc. says nearly 1.2 million customer payment cards may have been exposed during a security breach earlier this year.

The office supply retailer said in October that it was looking into a potential credit card breach, adding to a long list of retailers recently hit by cyberattacks.

Staples said Friday that an investigation shows that the criminals used malware that may have allowed access to information for transactions at 115 of its U.S. stores. That includes cardholder names, payment card numbers, expiration dates and card verification codes.

The Framingham, Massachusetts-based company is offering free identity protection services, including credit monitoring, to customers who might be at risk.

The security breach affected different stores at different times between July and September.

IMPACTED STORES:

Delaware
128 Sunset Blvd. New Castle 19720 – August 10, 2014 to September 16, 2014

Pennsylvania
751 Sproul Rd. Springfield 19064 – July 20, 2014 to September 16, 2014
105 E. Swedesford Rd. Exton 19341 – August 10, 2014 to September 16, 2014
2180 MacArthur Rd. Whitehall 18052 – August 10, 2014 to September 16, 2014
1300 South Columbus Blvd. Philadelphia 19147 – August 10, 2014 to September 16, 2014
9906 E. Roosevelt Blvd. Philadelphia 19115 – August 10, 2014 to September 16, 2014
300 West Bridge St. New Hope 18938 – August 10, 2014 to September 16, 2014
4020 Bethlehem Pike Telford 18969 – August 10, 2014 to September 16, 2014
855 East Baltimore Pike Kennett Square 19348 – August 10, 2014 to September 16, 2014

New Jersey
None in our area

For more information, visit: http://staples.newshq.businesswire.com/statement

(TM and © Copyright 2014 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2014 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed. The Associated Press contributed to this report.)