July 15, 2015//Tori TaylorLast Updated: May 12, 2022
Shared vendor in the middle of breach – investigations launched
Two major retailers are recovering from security events this week. Both Walmart Canada and CVSphoto.com took down their online photo processing stores due to a possible retail data breach.
Walmart’s breach occurred last week, and the company immediately launched an investigation to understand how 60,000 customers credit cards were compromised.
The retail giant believes the breach is isolated to the online property, adding in an alert posted, “We recommend Walmart Canada’s Online Photocentre customers monitor their card transactions closely and immediately alert their financial institution about any unauthorized charges”
In a very similar circumstance, CVSphoto.com warned of a potential breach. Addressing their customers with a note that replaced the photo site’s homepage, “We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised. As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience.”
Krebsonsecurity.com dug a little deeper to further understand this unlikely coincidence. He reported, “The Globe and Mail reported that the third party in the Walmart Canada breach is a company called PNI Digital Media.” Krebs goes on to explain, “According to PNI’s investor relations page, PNI ‘provides a proprietary transactional software platform’ that is used by retailers such as Costco, Walmart Canada, and CVS/pharmacy to sell millions of personalized products every year.” No breach warning has yet been issued by Costco’s online photo store.
This is a perfect illustration of why it’s important to know the security policies of your vendors.
The Huffington Post Canada covers the Walmart incident in this article and the video below.