Staples appears to be the latest US retailer dealing with a security breach. The company is investigating a “potential” issue and has reached out to law enforcement for assistance according to a report from Krebs on Security.

More than half a dozen sources at multiple banks have noticed a pattern of credit and debit card fraud leading back to Staples. The good news at this point is that the theft appears to be limited to retail locations in the northeastern region of the country.

Specifically, Krebs reports that at least seven Staples stores in Pennsylvania, three in New York City and one in New Jersey were hit. Fraudulent charges from the stolen card information have taken place at non-Staples stores like supermarkets and other big-box retailers.

As the publication correctly points out, this suggests we could be looking at a case of card-stealing malware installed on cash registers at affected stores. Crooks then created counterfeit copies of the cards to swipe at other stores.

Staples’ senior public relations manager Mark Cautela said they take the protection of customer information very seriously and are working to resolve the situation. In the event Staples discovers an issue, customers won’t be responsible for fraudulent charges so long as they are reported in a timely manner.

The news comes as Apple launches its mobile payments service, Apple Pay. In addition to added convenience, Apple Pay promises to be safer than using a credit or debit card as merchants never come into contact with a customer’s payment credentials.