CVS investigating credit card breach on photo site

CVS is warning customers of its online photo printing service that their credit card data may have been breached.

The website was inactive Friday, replaced by a note from the company that read, "We have been made aware that customer credit card information collected by the independent vendor who manages and hosts may have been compromised. As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience."

Security expert Brian Krebs pointed out on his site that last week Walmart Canada reported a similar breach of its photo site. The two companies both work with third-party vendor PNI Digital Media, which provides online photo center services.

CVS and PNI were not immediately reachable for comment.

CVS specified in its statement that online photo customer accounts are "completely separate from and our pharmacies," and that "financial transactions on and in-store are not affected."

  • Amanda Schupak

    Amanda Schupak is the science and technology editor at