Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Retailers Suspend Online Photo Centers Due to Possible Breach

Walmart Canada, Tesco, Costco, pharmacy chains CVS and Rite Aid, Sam’s Club, and possibly other retailers have decided to suspend online photo centers while their service provider investigates a possible card breach.

Walmart Canada, Tesco, Costco, pharmacy chains CVS and Rite Aid, Sam’s Club, and possibly other retailers have decided to suspend online photo centers while their service provider investigates a possible card breach.

CVS and Walmart Canada were the first to announce shutting down their online photo services after learning that the third-party responsible for managing and hosting their photo centers may have been compromised.

The third party in question appears to be PNI Digital Media, a Vancouver, Canada-based company whose website says its online photo center service is used by the world’s leading retailers.

PNI Digital Media has not released a statement on the matter. However, many of the major retailers that use the company’s services have suspended their online photo centers.

While many of the retailers that use PNI’s platform have posted notices on their websites, the pharmacy chain Rite Aid provides the most details and is the only one to name PNI Digital Media as its service provider.

“We recently were advised by PNI Digital Media, the third party that manages and hosts mywayphotos.riteaid.com, that it is investigating a possible compromise of certain online and mobile photo account customer data. The data that may have been affected is name, address, phone number, email address, photo account password and credit card information,” Rite Aid said. “Unlike for other PNI customers, PNI does not process credit card information on Rite Aid’s behalf and PNI has limited access to this information. At this time, we have no reports from our customers of their credit card or other information being affected by this issue.”

CVS is advising customers who provided payment card information for transactions on CVSPhoto.com to keep an eye out for any fraudulent or suspicious activity.

“We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised. As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services,” CVS said.

Advertisement. Scroll to continue reading.

Tesco’s notice doesn’t mention anything about a potential security incident. Instead, the Tesco Photo website is “unavailable for routine maintenance.”

Membership-only retail warehouse club chain Sam’s Club says it does not believe that customer credit card data has been put at risk, but the company has decided to suspend the Sam’s Photo website following reports about a possible data breach. Costco says it has also shut down its photo center as a result of the recent reports.

Walmart says it has launched an investigation and it will be contacting customers who may be impacted.

“We were recently informed of a potential compromise of customer credit card data involving Walmart Canada’s Photocentre website, www.walmartphotocentre.ca,” Walmart said. “At this time, we have no reason to believe that Walmart.ca, Walmart.com or in-store transactions are affected. As we gather the facts, we recommend Walmart Canada’s Online Photocentre customers monitor their card transactions closely and immediately alert their financial institution about any unauthorized charges.”

PNI Digital Media has been contacted for comment.

PNI Digital Media was acquired in 2014 by Staples, Inc. In December 2014, Staples reported finding point-of-sale (PoS) malware in 115 of its U.S. stores. The company noted at the time that the attackers might have accessed 1.16 million cards.

Security reporter Brian Krebs noted that PNI Digital Media’s Wikipedia and Investors Relations pages have been modified, respectively removed. These pages listed some of the company’s customers before reports of a potential breach surfaced.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.