CVS announced last week that it was investigating a possible credit card breach on its photo processing website.
On July 17, the company temporarily shut down CVSphoto.com and replaced the online portal with a statement alerting customers of the issue.
"Nothing is more central to us than protecting the privacy and security of our customer information, including financial information. We are working closely with the vendor and our financial partners and will share updates as we know more," the statement reads.
CVS uses an independent processor exclusively for the photo site and related mobile services. CVS's other businesses, including their physical locations and CVS.com, were not affected.
According to Krebs on Security, the site is run by a third party called PNI Digital Media, a division of office supply retailer Staples. News of the CVS hack comes just days after another PNI run photo service, one affiliated with Walmart Canada, reported a breach as well.
Krebs' reports that PNI has similar business partnerships with Costco, Rite Aid, Sam's Club, Tesco and Walgreens, among others. As a precautionary measure, Costco, Rite Aid and Tesco have taken down their photo websites following the news, with Krebs expecting others to follow suit. Tesco's site simply states "down for maintenance," while the others explain about the potential security issue.
PNI has yet to officially comment on the potential hack. In addition to the websites, the company operates kiosks and other retail installments allowing customers to purchase products personalized with their photos. The company's website states that they generate over 18 million transactions per year, though Krebs reports that this information as well as their client list was removed from their site upon the news of the CVS breach.
If you run your own retail company and are in need of new payment processor software, be sure to contact 911 Software today! Take a look at the rest of our website to learn more about the high-quality products that we carry.