Newsroom

July 20, 2015

CVS, Costco photo services hacked

CVS has closed its online photo service, CVSphoto.com, and announced that credit card information collected through the site may have been compromised in a breach.

Costco also took its photo service offline, and noted that "there may have been a security compromise of the third party vendor … This decision does not affect any other Costco website or our in-store operations."

A statement on CVS photo service's website said, "As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services ... Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com and our pharmacies. Financial transactions on CVS.com and in-store are not affected."

KrebsOnSecurity linked the potential breach to a third-party company called PNI Digital Media, which is also used by Walmart Canada, which announced recently it was investigating a breach of its photo service website.

In the wake of continuing retailer data breaches, NAFCU continues to voice its support for a strong national standard. NAFCU urges lawmakers to support S. 961, the "Data Security Act," which would create a strong national data security standard for retailers, require notice to consumers in the event of a breach and recognize credit unions' compliance with the Gramm-Leach-Bliley Act.