Several large retailers, including Costco, CVS an Rite Aid, are taking down their photo sites after reports that a third-party vendor has been hacked.
PNI Digital Media, which is used by several retailers to manage their photo sites and is now owned by Staples, is currently investigating the possibility of a data security breach, Reuters reports. As a result, some retailers have taken down their sites to investigate or as a precaution.
The list is long and includes Costco, Sam’s Club, CVS, Walmart Canada, Rite Aid and British Supermarket chain Tesco’s. In the case of Issaquah, Wash.-based Costco, customers are being told that the site is down as a “precautionary step.”
“As a result of recent reports suggesting that there may have been a security compromise of the third party vendor who hosts Costcophotocenter.com we are temporarily suspending access to the site,” it said. “This decision does not affect any other Costco website or our in-store operations, including in-store photo centers.”
A Costco spokesman did not immediately reply to an email asking when the photo center may come back online.
UPDATE: A Costco spokesperson provided this additional comment: “We cannot at this time confirm whether or not any members’ information was involved, but are doing what we can to ascertain what might have occurred. We will re-open the online photo sites when we are comfortable that there is no threat to the security of our members’ data. If our investigation confirms that member data has been compromised, we will reach out to affected members individually to let them know what happened.”
A similar message appears on the Sam’s Club site, advising that it is temporarily suspending access to the site. “At this time, we do not believe customer credit card data has been put at risk,” it added.
Many of the sites, including Costco’s, do not accept credit cards, but charge customers for the photos in the store when they come to pick them up. In that case, it’s unlikely that a customer’s financial data has been compromised. However, in the case of CVS and Walmart Canada, customers are being asked to monitor their credit card transactions closely for unauthorized charges.
In Rite Aid’s statement, it says PNI is warning that the data that may have been affected includes address, phone number, email address, photo account password and credit card information. Although Rite Aid says PNI does not process credit card information on its behalf and therefore has limited access to the information.
The retailers’ main websites were not affected by the potential breach, but that still might not make some customers comfortable with hackers potentially looking at their photos from their latest vacation or Bar Mitzvah.