The pharmacy chain CVS took down its CVS Photo website today and replaced it with a warning that “customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised.”
The company is shutting down access to online and mobile photo services “as a precaution” while the investigation goes on.
Security expert Brian Krebs, who first called attention to the breach this morning, also noted that Walmart Canada discovered a similar breach in its online photo site last week.
The announcement on CVSphoto.com says that “Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com and our pharmacies,” and that transactions in-store or at CVS.com don’t appear to be affected.
The company promises to offer updates as more information becomes available, and in the meantime, anyone seeking more information is invited to call 1-800-SHOP-CVS.