Staples Inc. says that nearly 1.2 million customer payment cards may have been exposed during a security breach that occurred earlier this year. Based on internal investigations, Staples believes that malware may have allowed access to some transaction data at the affected stores, including but not limited to cardholder names, payment card numbers, expiration dates, and card verification codes. At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014 and at two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014. Staples is offering free identity protection services — including credit monitoring, identity theft insurance and a free credit report — to customers who used a payment card at any of the affected stores during the relevant time periods. Additional information about the incident, including dates of potential access and how to sign up for free credit monitoring, can be found here. “Staples is committed to protecting customer data and regrets any inconvenience caused by this incident,” the company said in its announcement. “Staples has taken steps to enhance the security of its point-of-sale systems, including the use of new encryption tools.” Staples stock SPLS -0.51% dipped about 0.5% on Friday, but the company’s shares are actually up more than 40% since news of the possible breach in October. There has been a number of high-profile security breaches at retailers over the past year. In October, Sears Holdings Corp announced a security data breach that compromised some customer payment cards at its Kmart stores. Albertson’s, Home Depot, Michaels, Neiman Marcus, P.F. Chang’s, Target and SuperValu have also been attacked by hackers in the past 12 months.