A third-party vendor is investigating a potential credit card incident that has prompted Rite Aid, Costco, Sam's Club and Tesco to follow CVS and Walmart Canada in taking their respective photo center websites offline.
The vendor was named as PNI Digital Media by CVS and Rite Aid, and the company reportedly hosts and maintains Walmart Canada's photo center website as well. It was acquired by Staples a year ago.
“PNI is investigating a potential credit card data issue, and outside security experts are assisting in the investigation,” said a PNI Digital Media statement emailed to SCMagazine.com on Monday. “If an issue is discovered, it is important to note that consumers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”
In a notification posted to its mywayphotos.riteaid.com website, Rite Aid said it was advised by PNI Digital Media that an investigation is underway into a possible compromise of certain online and mobile photo account customer data.
That data may have included names, addresses, phone numbers, email addresses and credit card information, the notification indicated.
“Unlike for other PNI customers, PNI does not process credit card information on Rite Aid's behalf and PNI has limited access to this information,” the notification said. “At this time, we have no reports from our customers of their credit card or other information being affected by this issue.”
A notification posted to the Costco photo center website and a statement emailed to SCMagazine.com on Monday indicated that Costco's website was taken down following recent reports that a third-party vendor that hosts the site was compromised.
Costco did not identify the vendor in a Monday email correspondence with SCMagazine.com; however, a Google cache version of the Costco photo center website revealed that the pages are hosted by PNI Digital Media.
“We cannot at this time confirm whether or not any members' information was involved, but are doing what we can to ascertain what might have occurred,” the Costco statement said. “We will re-open the online photo sites when we are comfortable that there is no threat to the security of our members' data.”
Cached web pages also revealed that PNI Digital Media powered Sam's Club and Tesco's respective photo center websites, which were both down on Monday. The Sam's Club photo website indicated that customer credit card data is not believed to be at risk, and the Tesco photo website simply stated that Tesco Photo is down for maintenance.
In a statement emailed to SCMagazine.com, Adam Levin, chairman and founder of IDT911 and former director of NJ Division of Consumer Affairs, said that businesses need to remember that hackers often infiltrate corporate systems through third-party vendors.
“Businesses need to get the big picture and make sure that they hire vendors that have a track record of strong security practices, or demand [that] their vendors [adhere] to the toughest security standards,” Levin said.