"While the investigation is ongoing, the results to date suggest that an unauthorized party entered PNI’s systems and was able to deploy malware designed to capture user input on PNI’s servers that support some of its customers’ websites,” said Kirk Saville, a Staples spokesman.
A few items to note:
1) once again, a smaller 3rd party was the source of a breach. don't overlook the security of your partners/providers.
2) although email has been the entry point of choice for many high profile breaches, in this case it appears to have been the (web) servers. don't lose sight of the importance of securing this vector.
3) a breach can happen to anyone. make sure you have detection and response tools and processes in place.
For more on this incident- https://www.bostonglobe.com/business/2015/09/11/cvs-confirms-data-breach-photo-site-this-summer/xc7m...
For more on ways Fortinet can help- http://www.fortinet.com/solutions/advanced-threat-protection.html