Costco’s Online Photo Services Back Up After Breach, Customers’ Cards May Have Been Compromised

Screen Shot 2015-09-08 at 2.24.33 PM

Costco officially relaunched its photo center site on Tuesday. [Click to enlarge]


If you like viewing and ordering prints of your digital photos from the comfort of your own home and then traipsing to the local Costco to pick up your memories, then we’ve got good news: Costco has finally relaunched its online photo services website after taking the site down upon discovering a breach in July. But there’s also a bit of bad news: some customers’ credit card information may have been captured in the year-long hack.

After delaying the relaunch of its photo site three times since it was revealed that online photo service management company PNI Digital Media was hacked, Costco announced today that customers can once again place orders for prints, postcards, greeting cards and other photo-centric products, and warned some users that their credit card information may have fallen into the wrong hands back in mid-July.

“Let us begin by apologizing for all of the inconvenience, frustration and concern created by taking the Costco Photo Center offline,” the company said in a notice on its photo center page. “We recognize the value our members place on their memories, and we are very sorry for the lengthy downtime experienced on our site.”

In a FAQ related to the relaunch of the photo site, Costco says that while photos weren’t compromised, “we believe that the credit card information of a small percentage of Costco members was captured.”

The company says that although the investigation into the hack is incomplete, it’s believed that users who placed mail orders for home delivery through the site may have had their credit card information, mailing address, as well as username and password compromised.

Those who placed orders for pick-up at Costco stores may have had their username and password compromised.

The hack on PNI – which affected other retailers including Sam’s Club, CVS, Rite Aid and Tesco – took place between June 2014 and July 2015, when it was discovered, Costco says.

Costco said on Tuesday that relaunching the photo center site took so long because PNI completely rebuilt the retailer’s operations to include security measures applied at a variety of levels.

“Both Costco and our third-party vendor have been focused on quality and security,” the company says.

As a continued safety precaution, Costco has only made consumers’ stored photos from 2014 and 2015 accessible; photos from 2013 and before will be available in the coming weeks.

Additionally, the services’ mobile app is not available, but should be by late September, the company says.

To mark the relaunch of its site, Costco is providing customers with a variety of discounts on photo prints and products.

A quick look at the photo sites for other affected retailers shows they continue to be down.

Back in July, PNI Digital Media – which is owned by Staples – announced it was the latest victim of a hack, with several retailers in the U.S., Canada and the U.K. temporarily shutting down their photo sites.

Staples acknowledged that PNI was investigating a potential credit card data issue, but didn’t specify which retailers were affected.

Still, Costco, Sam’s Club, CVS, Rite Aid and Tesco quickly took action to shut down their online photo sites after being notified by Canadian-based PNI of the possible breach or after hearing reports from other retailers.

[via GeekWire]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.