(Bloomberg) -- Staples Inc., the largest U.S. office-supply retailer, said 1.16 million payment cards may have been affected in a series of data breaches that occurred from July into September.

The theft occurred after criminals deployed malware on point-of-sale systems at 115 of Staples’ 1,400 U.S. stores, the Framingham, Massachusetts-based company said today in a statement. The company disclosed in October that it was investigating a potential breach.

Staples is among a growing number of retailers that have had card systems compromised by hackers. Target Corp. was among the first to disclose such an attack, about a year ago, and since then Home Depot Inc., Sears Holdings Corp.’s Kmart chain and Neiman Marcus Group Ltd. have said they’ve been struck.

Staples shares were little changed at $17.48 at 5:06 p.m. in late trading in New York. The stock had gained 10% this year through the close of regular trading today.

The Staples breach is smaller than the previous incidents at Home Depot and Target. At Home Depot, the world’s largest home-improvement chain, data for 56 million cards and 53 million e-mail addresses were compromised. Target’s breach included details for 40 million cards and 70 million addresses, phone numbers and other information.

Staples is offering free identity protection services and a free credit report to customers who used a payment card at any of the affected stores during the relevant time periods.

Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.