What to do about the online photo service breach at Costco, CVS


Investigators now say the photo websites of several chains — Rite Aid, CVS and Costco, among others– were successfully hacked. Member’s photos were not part of the security compromise, according to Costco. But there are a few steps I want you to take to protect yourself.

What you can do about the online photo service hack

It turns out the people who manage all the photo sites for these various players is…Staples! Who knew that behind the curtain it was the office supply chain? Right now, it looks like hackers were able to break into the computer systems of PNI Digital Media, a Staples subsidiary, and load malware in.  Then they were able to capture info there.

Here’s the thing: It’s still not clear what info is in hacker’s hands. Costco is reporting that ‘members who typed credit card numbers onto the site during the compromise window had credit card information (including security code and expiration date) taken, along with other information that may include name, phone number, billing address, email address, password and ship-to information.’ But that could vary widely by retailer.

The malware appears to have been active from June 19, 2014 to July 15, 2015. This hack has been so serious that many of the photo sites are not entirely working still. This hack is one that data experts haven’t been able to clear the decks on and say the system is clean and clear.

I know this info is still not enough to make you feel good, but I did want to give the update.

The truth? Just about any database out there could be subject to any kind of hack. That’s why protecting your personal info is important. Consider taking the following steps.

Read more: Fake package tracking notification could be malware

Do a credit freeze

A credit freeze allows you to seal your credit reports so no new applications for credit can be initiated in your name without your knowledge. When you do a credit freeze with the 3 main credit bureaus, you get a PIN that only you know.

This PIN can be used by you to temporarily ‘thaw’ your credit so that legitimate applications for credit and services can be processed. Without this PIN, a criminal would not be able to establish new credit in your name even if they are able to take over your identity.

Freezing your credit files has no impact whatsoever on your existing lines of credit, such as credit cards. You can continue to use them as you regularly would even when your credit is frozen.


Watch your statements carefully

If you’re among the affected, you need to go through your credit card and debit card statements this month and next month with a fine tooth comb. Identify any bogus charges the crooks may have pushed through and dispute them immediately with your bank or credit card company.

Read more: Beat the ransomware that holds your phone hostage for $500!

Want money-saving advice for your wallet? See our Scams section.

  • Show Comments Hide Comments