BreachExchange mailing list archives

Costco Data Breach a Bigger-Than-Expected Problem


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 7 Aug 2015 14:01:24 -0600

http://www.investopedia.com/stock-analysis/080715/costco-data-breach-biggerthanexpected-problem-cost-spls-cvs-rad-teso-wmt.aspx

Warehouse membership club Costco (NASDAQ: COST) says it needs more time to
secure its photo processing website.

Third-party photo service provider PNI Digital Media was hacked last month,
causing retailers Costco, CVS Health, and Wal-Mart to take down their
respective photo processing websites and post cautionary notes in their
place.

Costco had notified its customers at the time that it was "diligently
working to determine when we can reenable the site, but in all likelihood,
that will not occur until early August." It updated that notice the other
day to essentially say, on second thought, give us another week or so.

PNI, which is owned by office supplies retailer Staples (NASDAQ: SPLS) --
it bought the company a year ago -- discovered the breach on July 17th,
causing a cascade effect of retailers shutting down their services in an
abundance of caution. Other retailers also potentially compromised by the
hack include Rite-Aid and U.K. supermarket giant Tesco.

Costco noted at the time of the breach it was unsure whether customer data
had been compromised: "At this time we cannot confirm whether or not any
members' information was involved, but are doing what we can to ascertain
what might have occurred." Since then, there has been nothing to indicate
that sensitive customer data may have been stolen.

As no other portion of any of the retailers' systems has been affected,
and customers can still bring their photos into the store for processing --
it is just the online system that remains offline -- this remains more of
an inconvenience to customers, not a devastating indictment of the security
policies of Costco or the other retailers.

It may ultimately prove a problem for Staples, which bought PNI for $67
million, one that is now a more intractable issue to solve than many
originally believed.
