The online photo service maintained by CVS was shut down as of Friday (July 17), ABC News reported one day after the site shut down and after the news that CVS may have been hacked, with credit card information possibly having been stolen.
CVS said it had shut down the site, and also had turned off mobile devices tied to the photo service as a precaution, ABC reported.
CVS said on Friday that payment information that stems from the site is collected by a third-party vendor, PNI Digital Media, which is based in Canada. That information, the drug chain stated, is kept separate from both the main CVS.com site and also payments and computer systems used by the company’s pharmacies. That means, according to the company, that payments through those locations, in addition to in-store kiosks, are not affected.
Thus far there has been no disclosure as to how many customers may have been affected, according to Staples, which is the parent company of PNI. Investigations are continuing, and CVS and Staples said they would relay information as it becomes available.
In an interview with ABC, Adam Levin, who heads the security company IDT911 Consulting, told the site that third-party vendors can be the “weak link” in the data security chain, allowing hackers access to sensitive data.
“Businesses need to get the big picture and make sure that they hire vendors that have a track record of strong security practices, or demand from their vendors adherence to the toughest security standards,” Levin said in an email to ABC, as reported on Friday.
The announcement of a possible CVS hack comes just a few days after Walmart said it is also investigating a possible data breach, and credit card theft, tied to its Canadian photo site, which is itself aligned with PNI.