Breach may affect major retail photo sites

Vancouver – The third-party vendor hosting online photo sites of at least six major retailers may have been the victim of a security breach. The photo pages of CVS, Sam’s Club, Costco, Rite Aid, Wal-Mart Canada and Tesco, all clients of Vancouver-based PNI Digital Media Inc., have been temporarily taken down.



Online messages on the photo sites of CVS and Wal-Mart Canada inform consumers credit card information may have been compromised, while Sam’s Club says there was a potential compromise of a third-party vendor but it does not believe credit card information was exposed and Rite Aid says data that may have been affected is name, address, phone number, email address, photo account password and credit card information. However, according to Rite Aid, PNI does not process any of its credit card transactions.



Meanwhile, Costco only references a possible security compromise of the third-party vendor hosting its photo site and Tesco merely says its photo site is closed for “routine maintenance.” Walgreens is also reportedly a PNI Client, but as of Monday morning its photo site was operating normally.



PNI Digital Media is owned by Staples Inc. There is no message about a breach on the company’s site. Third-party vendors have been culpable in other retail breaches, most notably the major breach which occurred at Target Corp. in 2013, and originated from an intrusion at a third-party HVAC vendor.