CHICAGO–Several major retailers, including CVS and Rite-Aid, have shut down their online photo processing after learning that customer’s credit card data may have been breached as a result of a common third party.
But some of the companies indicated they also do not believe customers’ card data was compromised, although other personally identifiable data likely was.
Other companies involved include Sam’s Club and Walmart Canada.
According to Krebs on Security and several other reports, the breach took place at Vancouver, B.C.-based PNI Digital Media, provider of a “transactional software platform” that is used by the retailers.
In response, CVS has taken down its CVSphoto.com and has published a statement that “We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised…Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com and our pharmacies. Financial transactions on CVS.com and in-store are not affected.”
Rite-Aid issued a similar statement, but identified PNI Digital Media as the potential culprit after similarly shutting own its mywayphotos.riteaid.com. "The data that may have been affected is name, address, phone number, e-mail address, photo account password and credit card information,” Rite-Aid said.