Leave a comment

Credit card breach at CVS and Wal-Mart's photo vendor

The days of dropping your camera film off at the drugstore to get processed are long gone. However, if you don't want the hassle of printing your own photos at home, the drugstore is still an option.

CVS, the popular pharmacy chain, offers photo-printing services through the site CVSphoto.com. You can upload your pictures and pick them up at the nearest store, or have them sent to you. It's convenient, but if you've used that service in the past, you're now at risk.

CVSphoto is run by a third-party service called PNI Digital Media, which also provides photo services for Costco and Wal-Mart Canada. It seems that PNI has had a breach of its credit card system.

While there hasn't been an official statement from PNI, both CVS and Wal-Mart Canada are investigating a possible breach, and CVS has shut down CVSphoto.com for the moment. If you visit, this is what you'll see:


"We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised. As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience. Customers who provided credit card information for transactions on CVSPhoto.com are advised to check their credit card statements for any fraudulent or suspicious activity and to call their bank or financial institution to report anything of concern. Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com, optical.cvs.com, cvs.com/MinuteClinic on line bill pay and our pharmacies. Financial transactions on CVS.com, optical.cvs.com, cvs.com/MinuteClinic and in-store are not affected. Nothing is more central to us than protecting the privacy and security of our customer information, including financial information. We are working closely with the vendor and our financial partners and will share updates as we know more. For more information, call 1-800-SHOP-CVS."

So far there's been no word from Costco about any breach, but use its online photo service with caution until the situation clarifies.

KrebsonSecurity does raise an interesting point that Staples bought PNI a year ago and Staples has experienced its own massive data breach last year. It could be related, or something new.

In the meantime, if you've had photos printed through CVSphoto, Wal-Mart Canada or Costco, keep an eye on your bank account for any unusual activity. We'll keep you updated as more details arrive.

Next Story
View Comments ()
Silicon Valley techies are consulting witches on cybersecurity
Previous Happening Now

Silicon Valley techies are consulting witches on cybersecurity

Check out these amazing new Pluto images
Next Happening Now

Check out these amazing new Pluto images