Walmart Data May Have Been Stolen…Again

2013 Report Found that Company Shares Data with More than 50 Third-Parties

Walmart customers may have had their credit card data stolen by hackers, according to recent news reports. The data was stolen from a third-party, PNI Digital Media, which reportedly operates some of Walmart’s online photo processing store.  Although Walmart has not disclosed the number of customers impacted by the breach, the company did take the step of temporarily closing some of Walmart Canada’s online photo site.

Data breaches are familiar territory for Walmart, which is working hard to catch up with competitor Amazon. The company experienced breaches of data multiple times over the years.

In Walmart’s case, this news of a new breach is particularly unsurprising, given that a 2013 study by the Center for Media Justice, ColorOfChange.org and SumOfUs found that Walmart shares consumer data with more than 50 different third parties.

The report, “Consumers, Big Data, and Online Tracking in the Retail Industry,” found that Walmart invades the online privacy of its consumers easily, secretly, and without accountability. In fact, the report found that Walmart could have the personal data of more than 145 million Americans and that the fact that company shares data with so many third parties is largely obscured by the company’s 4,500-word privacy policy.

In their story on the recent breach, the New York Times interviewed a security expert who emphasized that these third-party vendors can often put consumer data at risk:

Adam Levin, founder of the security firm IDT911, said the breaches highlighted the importance of more rigorously vetting I.T. vendors at a time when companies outsource more and more of their technology operations. Vendors have often proved to be the weakest link, he said.

The 2013 report also found that Walmart’s massive data collection held the potential for systematic data-driven discrimination by the company.    The groups called on Walmart to:

  • Be transparent. –
    • Explain, in a clear and accessible fashion, how Walmart and their many third party partners are using the consumer information they collect.
    • Implement common sense limits to the company’s ability to profile users, similar to many of those recently adopted by the European Union Parliament.
  • Give us choices.
    • Give users the right to have their data deleted and allow consumers to comprehensively “opt-out” of future online tracking. This includes honoring Do Not Track signals.
  • Be fair.
    • Explain how the company’s use of predictive intelligence shapes marketing and other business practices, and what safeguards are in place to ensure that it does not result in digital redlining or other forms of discrimination.

The newest data breach suggests Walmart has a long way to go protecting consumer privacy.

What do you think?