CVS is warning customers of its online photo printing service that their credit card data may have been breached.
The website cvsphoto.com was inactive Friday, replaced by a note from the company that read, “We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised.
As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience.”
Security expert Brian Krebs pointed out on his site that last week Walmart Canada reported a similar breach of its photo site. The two companies both work with third-party vendor PNI Digital Media, which provides online photo center services.
CVS and PNI were not immediately reachable for comment.
CVS specified in its statement that online photo customer accounts are “completely separate from CVS.com and our pharmacies,” and that “financial transactions on CVS.com and in-store are not affected.”