UPDATE: It’s not just Walmart Canada that’s affected by the potential breach. Several other retailers using the same third party service provider have shut down their photo web sites, including Costco, CVS, Rite-Aid, and Sam’s Club.
Here’s a report from the Globe and Mail about a possible 3rd party credit card breach.
“We were recently informed of a potential compromise of customer credit card data involving Walmart Canada’s Photocentre website, www.walmartcanadaphotocentre.ca, which is operated by a third-party,” said Alex Roberton, director of corporate affairs and social media at Walmart Canada. “We recommend Walmart Canada’s Online Photocentre customers monitor their card transactions closely and immediately alert their financial institution about any unauthorized charges.”
Mr. Roberton said the company has disabled the website and its mobile applications and notified the Office of the Privacy Commissioner of Canada.
Walmart said it has “no reason to believe” its Walmart.ca and Walmart.com destinations or its in-store transactions have been affected.
A source close to the situation told The Globe and Mail that as many as 60,000 customers could be affected.
According to Walmart’s website, PNI Digital Media operates its online photo centre. PNI says on its website that “leading retailers use our proven platform to offer photo prints and photo gifts,” among other services. The company also says its platform handled more than 19 million transactions in 2012 and 18 million last year. It was bought by Staples Inc. in 2014.
With organizations partnering with hundreds (or even thousands) of suppliers to deliver products and services, third party risk is a growing concern for Canadian organizations. Read Iceberg’s Vendor Risk solution brief…