As more details emerge about the recent mega breach affecting CVS, Costco, Walmart, RiteAid, and Tesco, security experts are zeroing in on an often-overlooked element in a company’s cyber defenses: its business partners.
The common thread between these companies is a third-party vendor called PNI Digital Media that provides photo processing websites and services for 19,000 retail locations. Similar to the massive 2013 Target breach in which hackers gained access to the company’s network via an unsecured heating and cooling vendor, it appears hackers leveraged trusted digital connections PNI had to these retailers, to compromise their systems.
