Login Register Subscribe
Current Issue

CVS, Costco, Rite Aid photo centers breached?

Reprints

Online photo centers operated by CVS Health Corp., Costco Wholesale Corp. and Rite Aid Corp. may have been the victims of cyber breaches caused by an attack on a third-party vendor.

Cvsphoto.com, a unit of Woonsocket, Rhode Island-based CVS Health Corp., Costco Photo Center, which is operated by Issaquah, Washington-based Costco, and mywayphotos.riteaid.com, which is operated by Camp Hill, Pennsylvania-based Rite Aid Corp., have placed notices on their respective websites that there has been a possible compromise at PNI Digital Media, which is used by all three.

Rite Aid said in a statement on its website Friday that it has been advised by on-demand photo printing service PNI, a unit of Framingham, Massachusetts-based Staples Inc., that it is investigating a “possible compromise of certain online and mobile photo account customer data.”

In a statement emailed Monday, a spokesman for CVS confirmed that PNI is the vendor that hosts CVSPhotos.com, but said CVS is unable to provide any additional details about the possible breach while the investigation is underway.

It could not be immediately confirmed as to whether Costco also used PNI.

“Recent media reports indicate that the third-party vendor who hosts our online photo center website has been involved in a security compromise,” Costco said in a statement emailed Monday. “As a result, until we obtain more information, we have temporarily suspended access to our online photo sites in the United States and Canada.”

Costco continued: “We cannot at this time confirm whether or not any members' information was involved, but are doing what we can to ascertain what might have occurred. We will re-open the online photo sites when we are comfortable that there is no threat to the security of our members' data. If our investigation confirms that member data has been compromised, we will reach out to affected members individually to let them know what happened.”

Earlier this month, Walmart Canada Corp., a unit of Bentonville, Arkansas-based Wal-Mart Stores Inc., also reported that its photo website, which is operated by PNI, may have been compromised.

“We take the protection of information very seriously,” PNI said in a statement emailed Monday. “PNI is investigating a potential credit card data issue, and outside security experts are assisting in the investigation. If an issue is discovered, it is important to note that consumers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”