Costco Wholesale Corporation has warned customers in notification letters that their payment card information might have been stolen while recently shopping at one of its stores. The retail giant (also known as Costco Wholesale and Costco) is an American multinational that operates a large chain of membership-only retail stores, the fifth-largest retailer worldwide, and the 10th largest corporation in the US by total revenue according to Fortune 500 rankings. It has 737 warehouses worldwide and it also operates e-commerce websites targeting multiple world regions, including the Americas, Europe and Asia. Costco discovered the breach after finding a payment card skimming device in one of its warehouses during a routine check conducted by Costco personnel. The company removed the device, notified the authorities and is now working with law enforcement agents who are investigating the incident.
Niamh Muldoon, Global Data Protection Officer at OneLogin, said: “The important thing is to highlight that the individuals/end-users of these payment services control access to their card services along with the eCommerce sites where they store their payment card services details. In the EU/EEA region, strong customer authentication is now a regulatory requirement so those offering payment services need to support the end-users/customer by providing them with strong customer authentication set out by the regulation, and this is Multi-Factor Authentication.”