Employees at Staples, the parent company of Essendant, were notified earlier this week that there was a security risk that had unfolded on the company's systems. Originally reported on Reddit, employees were immediately told to avoid using single sign-on for their Microsoft accounts and were advised not to accept any calls, even from internal numbers.
The security breach has created a disruption in processing and deliverability of products.
RestorePrivacy contacted Staples and shared the following statement from a Staples spokesperson:
“On November 27, Staples Inc.’s cybersecurity team identified a cybersecurity risk. We took proactive steps in an effort to mitigate the impact and protect customer data. Our prompt efforts caused temporary disruption to our backend processing and delivering capabilities, as well as our communications channels and customer service lines.
“All of our systems are in the process of coming back online and we expect to return to normal functionality in short order. We may experience slight delays in the interim but expect to ship all orders that have been placed. We apologize for any inconvenience this may have caused for our valued customers.”
A similar situation occurred in September 2020, and Essendant, a Staples-owned wholesale distributor, had to pause operations in March 2023 because of a multi-day, network-wide outage. According to Galactic Advisors reporting, the system disruption at Essendant prevented customers from placing orders online or contracting the company's customer care unit. It was later reported that a ransomware attack was behind the outage.