Office supplies chain Staples acknowledged Tuesday it is investigating a potential breach involving credit cards used at some of its stores.
"Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement," the Framingham, Mass.-based retailer said.
"We take the protection of customer information very seriously, and are working to resolve the situation," the company said. "If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis."
According to security blogger Brian Krebs, who is widely credited with breaking the news of the Target breach, banks first noted a pattern of fraudulent activity that their internal security traced back to a common thread of purchases at select Staples stores. The retailer has approximately 1,800 stores.
According to Krebs, it appeared that criminals gained access to customer credit card data at seven Staples in Pennsylvania, three in New York, and one in New Jersey.
Krebs attributed that information to sources at a half-dozen, unnamed East Coast banks. It is not yet known if the possible breach extends beyond the identified states.
Such breaches often start with a report of a handful of compromised stores and then, as the incident is investigated, the numbers balloon, as does the time the breach went undetected, said Aviv Raff, chief technology officer at Seculert, a Santa Clara, Calif.-based threat protection company. He added that he expected a similar scenario had occurred in the Staples incident.
Raff also plaintively asked when retailers would shift the focus from perimeter defense – since hackers have figured out how to penetrate the perimeters – to implementing tools for quicker detection of and response to breaches.
"Enterprises are now coming to a conclusion that they are either already compromised or will soon be," Raff said. "It's not a matter of 'if,' it's a matter of 'when.' The breach shows the necessity of moving from trying to prevent an attack to try and detect and respond as quickly as possible."
The one fact is that yet another big retailer has been breached.
Quipped a card expert at a large processor with many credit union clients, "It has become like 'Groundhog Day' every day."
In that 1993 film, Bill Murray, playing a weatherman, found himself repeating the same day over and over.
The card expert asked for anonymity because he did not wish to appear to be joking about a situation of substantial importance to credit unions and their members.
New breaches have been disclosed with increasing frequency, but their details are often essentially similar from incident to incident.
"Sadly, we are no longer shocked by the now near-daily breach headlines that inundate the news," Chris Sullivan, vice president of advanced solutions at Courion, an identity and access management company in Westborough, Mass., said.
"Staples is the latest victim to be hit by the same kind of attack that so many other U.S. retailers have suffered in recent months," Sullivan said. "Nonetheless, you have to ask, 'Are retailers doing enough to protect customer credit card information, reduce data breach threats and learn from earlier incidents? Or, are hackers evolving their attacks to sidestep countermeasures being deployed?'"
Sullivan continued, "Whatever the answer, it is clear that retailers need to have stronger data protection strategies that include a more holistic view into security data."
"Strategies that mitigate risk through continuous monitoring of security data, particularly related to user access privileges, can provide this view and give retailers and other organizations the early detection capabilities essential for spotting access of sensitive data and applications that is outside the norm," he added.