« Disaster Recovery

Third party online photo retailer breach affects major chains

Data breach spans multiple companies.
Data breach spans multiple companies.

When selecting an outside supplier, make sure its data security meets your own company's standards, as their problems may soon become your own.

This is the case with PNI Digital Media, a division of office supply retailer Staples, that is suspected of suffering from a data breach that affects customers across many major retailers.

PNI is an online retailer that partners with major companies, like CVS and Sam's Club, to sell personalized products with customer's photos. According to Krebs on Security, which first reported the breach, PNI's website stated that they generate over 18 million transactions a year across all of their retail partnerships, but the information was removed following the report of the data loss. PNI has yet to officially comment on the potential hack.

The incident came to light when CVS announced last month that it was investigating a possible credit card breach on its photo website. On July 17, the company temporarily shut down CVSphoto.com and issued a warning statement on its online portal to its customers about the problem.

"Nothing is more central to us than protecting the privacy and security of our customer information, including financial information. We are working closely with the vendor and our financial partners and will share updates as we know more," the statement reads.

According to Krebs on Security, news of the CVS hack comes just days after another PNI run photo service, one affiliated with Walmart Canada, reported a breach as well.

PNI has similar business partnerships with Costco, Rite Aid, Sam's Club, Tesco and Walgreens, among others. As a precautionary measure, Costco, Rite Aid and Tesco have taken down their photo websites following the news, with Krebs expecting others to follow suit. Tesco's site simply states "down for maintenance," while the others explain about the potential security issue.

Companies that have yet to develop their own disaster recovery strategy can partner with a business continuity consultant that has extensive experience with these issues.