Connect with us

Hi, what are you looking for?



Retailers Suspend Online Photo Centers Due to Possible Breach

Walmart Canada, Tesco, Costco, pharmacy chains CVS and Rite Aid, Sam’s Club, and possibly other retailers have decided to suspend online photo centers while their service provider investigates a possible card breach.

Walmart Canada, Tesco, Costco, pharmacy chains CVS and Rite Aid, Sam’s Club, and possibly other retailers have decided to suspend online photo centers while their service provider investigates a possible card breach.

CVS and Walmart Canada were the first to announce shutting down their online photo services after learning that the third-party responsible for managing and hosting their photo centers may have been compromised.

The third party in question appears to be PNI Digital Media, a Vancouver, Canada-based company whose website says its online photo center service is used by the world’s leading retailers.

PNI Digital Media has not released a statement on the matter. However, many of the major retailers that use the company’s services have suspended their online photo centers.

While many of the retailers that use PNI’s platform have posted notices on their websites, the pharmacy chain Rite Aid provides the most details and is the only one to name PNI Digital Media as its service provider.

“We recently were advised by PNI Digital Media, the third party that manages and hosts, that it is investigating a possible compromise of certain online and mobile photo account customer data. The data that may have been affected is name, address, phone number, email address, photo account password and credit card information,” Rite Aid said. “Unlike for other PNI customers, PNI does not process credit card information on Rite Aid’s behalf and PNI has limited access to this information. At this time, we have no reports from our customers of their credit card or other information being affected by this issue.”

CVS is advising customers who provided payment card information for transactions on to keep an eye out for any fraudulent or suspicious activity.

Advertisement. Scroll to continue reading.

“We have been made aware that customer credit card information collected by the independent vendor who manages and hosts may have been compromised. As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services,” CVS said.

Tesco’s notice doesn’t mention anything about a potential security incident. Instead, the Tesco Photo website is “unavailable for routine maintenance.”

Membership-only retail warehouse club chain Sam’s Club says it does not believe that customer credit card data has been put at risk, but the company has decided to suspend the Sam’s Photo website following reports about a possible data breach. Costco says it has also shut down its photo center as a result of the recent reports.

Walmart says it has launched an investigation and it will be contacting customers who may be impacted.

“We were recently informed of a potential compromise of customer credit card data involving Walmart Canada’s Photocentre website,,” Walmart said. “At this time, we have no reason to believe that, or in-store transactions are affected. As we gather the facts, we recommend Walmart Canada’s Online Photocentre customers monitor their card transactions closely and immediately alert their financial institution about any unauthorized charges.”

PNI Digital Media has been contacted for comment.

PNI Digital Media was acquired in 2014 by Staples, Inc. In December 2014, Staples reported finding point-of-sale (PoS) malware in 115 of its U.S. stores. The company noted at the time that the attackers might have accessed 1.16 million cards.

Security reporter Brian Krebs noted that PNI Digital Media’s Wikipedia and Investors Relations pages have been modified, respectively removed. These pages listed some of the company’s customers before reports of a potential breach surfaced.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...