A massive hack of customer information at Canadian-based online photo ordering software specialist PNI Digital Imaging has closed down the online photo ordering businesses of some of the biggest names in North American and UK retailing, including Walmart (Canada), Costco, Sam’s Club, CVS, Rite Aid and Tesco (UK).
Operating via these stores and others, PNI operates some 8000 kiosks and handles over 18 million transactions a year, according to its website. More than 30,000 retail locations are connected to the PNI Digital Media platform, according to a 2014 press release.
Walmart in Canada closed down its online photo services about three weeks ago and still hasn’t recovered, and the other stores mentioned also continue to be offline, indicating the severity of the situation. (Adultery facilitation website Ashley Madison is already back online and apparently secure following its more notorious breach of customer data!)
Walmart Canada said it closed the site following a ‘potential compromise of customer credit card data.’ Walmart US does not appear to be using PNI software.
CVS and Walmart Canada have asked customers to monitor their credit card transactions closely for unauthorised charges.
Payment information on the websites of the chains mentioned is collected by PNI Digital Media. Ironically, the owner of PNI, office goods giant Staples (which aquired PNI last year for CDN$74 million) does not use the PNI platform. It’s online photo and print services are ‘powered by EFI Digital Storefront’.
‘We take the protection of information very seriously. PNI is investigating a potential credit card data issue, and outside security experts are assisting in the investigation,’ said Kirk Saville, vice president, global communications at Staples Inc.
PNI itself hasn’t made any public comments.
Both photo websites and mobile apps have been suspended by the impacted chains.
PMA CEO Georgia McCabe has identified a lack of engagement by mass merchants in the quality of the service delivered by third party online service providors as a weakness in the current business model:
‘When the mass adoption of digital cameras began in 2000, many mass retailers relied on specialty companies to quickly start their online photo retailing activities and without the need to deal with the actual transactions, merchandising models and hosting services. As a result, there has been no mass retailer taking the lead to drive these services forward.
‘This temporary security issue should be taken as a wake-up call highlighting to the whole industry that a comprehensive business model is now long overdue.’