Newsroom
July 20, 2015
CVS, Costco photo services hacked
CVS has closed its online photo service, CVSphoto.com, and announced that credit card information collected through the site may have been compromised in a breach.
Costco also took its photo service offline, and noted that "there may have been a security compromise of the third party vendor … This decision does not affect any other Costco website or our in-store operations."
A statement on CVS photo service's website said, "As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services ... Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com and our pharmacies. Financial transactions on CVS.com and in-store are not affected."
KrebsOnSecurity linked the potential breach to a third-party company called PNI Digital Media, which is also used by Walmart Canada, which announced recently it was investigating a breach of its photo service website.
In the wake of continuing retailer data breaches, NAFCU continues to voice its support for a strong national standard. NAFCU urges lawmakers to support S. 961, the "Data Security Act," which would create a strong national data security standard for retailers, require notice to consumers in the event of a breach and recognize credit unions' compliance with the Gramm-Leach-Bliley Act.
Costco also took its photo service offline, and noted that "there may have been a security compromise of the third party vendor … This decision does not affect any other Costco website or our in-store operations."
A statement on CVS photo service's website said, "As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services ... Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com and our pharmacies. Financial transactions on CVS.com and in-store are not affected."
KrebsOnSecurity linked the potential breach to a third-party company called PNI Digital Media, which is also used by Walmart Canada, which announced recently it was investigating a breach of its photo service website.
In the wake of continuing retailer data breaches, NAFCU continues to voice its support for a strong national standard. NAFCU urges lawmakers to support S. 961, the "Data Security Act," which would create a strong national data security standard for retailers, require notice to consumers in the event of a breach and recognize credit unions' compliance with the Gramm-Leach-Bliley Act.
Share This
Related Resources
Data Privacy Issue Brief
Whitepapers
Data Privacy Issue Brief
Whitepapers
NAFCU Data Privacy Principles
Whitepapers
Compliance Monitor - August 2018
Newsletter
Get daily updates.
Subscribe to NAFCU today.