CVS, Costco, Walmart Photo Websites Hacked
July 20, 2015
Government and the health care industry have been the targets of the largest recent data breaches. In fact, UCLA Health reported last week a breach that may have compromised the personal and medical information of 4.5 million people. News Friday, however, demonstrated that e-commerce retailers still are targets of hackers looking to mine customer data. CVSPhoto.com, Costcophotocenter.com and Walmart Canada’s photo processing Website all have been temporarily shut down. Visitors to all three sites are greeted by a message informing them of a security breach and CVSPhoto.com said customers’ credit-card information “may been compromised.”
CVS’s statement notes an “independent vendor” may have been compromised and Costco points to a “third party vendor” as the actual victim of the hack. Published reports indicate Vancouver-based PNI Digital Media, which hosts photo processing Websites for CVS, Walmart and Costco, is the vendor in question. PNI Digital Media is owned by office-supply retail giant Staples. All three companies, which have shuttered their photo sites temporarily as they investigate the intrusion, said none of their other sites are affected by the breach.
None of the retailers have disclosed how many consumers may have been affected in this most recent network intrusion. While the state of each’s PCI compliance is unknown and experts say PCI rules are merely baseline protection for retailers’ networks, new PCI rules have complicated compliance. See a current CardNotPresent.com series on the new rules every retailer must keep in mind as they work to secure their customers’ payment data and personal information.