It looks like CVS is the latest retailer to be affected by a data breach, as its CVSPhoto.com domain now only shows up with a message advising customers that the independent vendor it uses has been compromised. As a result of the hack, CVS has temporarily taken down its CVS Photo website, and says that during this time it is conducting an investigation into the matter. Customers who used the service with their credit card should be on alert.
According to the message on the CVS Photo website, CVS has been informed that the (unnamed) vendor that both hosts and manages CVSPhoto.com may have had customer credit card information it had collected compromised. The photo service apps and website have thusly been shut down for an unspecified period of time.
CVS Photo customers who used their credit cards on the CVSPhoto.com domain should be on the look out for any credit card transactions showing up on their bank statements that they didn’t make — if one is spotted, they’ll need to contact their bank to get a new card and get the fraudulent charges reversed.
Those who use CVS’s online services but not CVS Photo needn’t worry, the company says. Registrations with customer info for CVS Photo are “completely separate” from its regular CVS.com domain, as well as it optical, Minute Clinic, and pharmacies’ websites. Any transactions that took place through those services and in the stores aren’t at risk.
The company promises to keep its customers updated as it finds out more about what went down.
Image via Mike Mozart