Costco’s Photo Center Hacked, Customers’ Personal Information Breached

In a series of FAQs on its website and emails sent to its customers, retailer Costco has confirmed that its Photo Center website was hacked by malicious attackers looking for personal and financial information of its customers.

Retailing behemoth Costco has informed its customers of a data breach that exposed their credit card information and personal details in a hack targeting its Photo Center website that may have lasted an entire year between June 2014 and July 2015.

The bottom line? Any customers who logged into their Costco Photo Center account or created one between those months have had their email, address and password compromised, along with credit card information typed in while ordering photos from the website.

Costco has not revealed the number of affected customers from the breach while revealing other details from the hack in an FAQ section on its Photo Center website.

The Photo Center website was taken offline on July 17 after the breach and is now back online with added security, according to the retailer. The retailer stated that all stored credit card information was deleted during the process of implementing better security.

Costco also confirmed that the compromise of customer details only affected its Photo Center website and did not impact its main domain –

In a notice sent to its customers informing them of the compromise, as revealed by Kare news, Costco said:

You are receiving this notice because you have a Costco Photo Center online account, and there is a possibility that if you logged on during the affected time period, your email address and password were compromised

“Our investigation indicates that some Costco members who typed credit card numbers onto the site during the compromise window had credit card information (including security code and expiration date) taken, along with other information that may include name, phone number, billing address, email address, password and ship-to information.”

Costco has promised a “new payment technology” with “enhanced security features” will be implemented by October this year, to improve its credit card payment security.

The company has also provided a year’s worth of identity theft protection to all affected customers, for free.

Image from BasPhoto / Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.