CVS warns photo website likely hacked, credit card data ‘may have been compromised’

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.
CVS photo website hacked

CVS photo website hacked

NEW YORK — CVS Photo, the popular website where you can upload digital images and pick up prints at the pharmacy, appears to have been hacked.

Customer credit card data “may have been compromised,” the pharmacy explained. In cases like these, it’s typically hackers who break in and steal large batches of payment information.

On Friday, the company shut down CVSphoto.com and its smartphone app. The website appeared blank with a message from CVS. The company places responsibility squarely on a contractor that ran the service.

CVS did not name the other company.

The pharmacy made clear that its photo printing website is completely separate from its medical and pharmaceutical business, so patient data isn’t likely affected.

CVS said it’s now investigating the matter to determine what, if anything, was actually stolen.

CNNMoney asked the pharmacy whether hackers might have also stolen photos customers uploaded, but CVS did not immediately reply.

In what’s become the mantra of every hacked company, CVS also issued this statement: “Nothing is more central to us than protecting the privacy and security of our customer information, including financial information.”

The company’s posted a statement on its website:

We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised. As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience.

Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com and our pharmacies. Financial transactions on CVS.com and in-store are not affected.

Nothing is more central to us than protecting the privacy and security of our customer information, including financial information. We are working closely with the vendor and our financial partners and will share updates as we know more.

For more information, call 1-800-SHOP-CVS.

1 Comment

  • not_yours

    So when are we as consumers going to finally have enough of this behavior from the “BIG” corporations?
    How do we tolerate this again and again? We see this happening with too many companies and then we continue to shop and spend and provide more and more data then ever, with out a question being asked. Just last night I went for a haircut and the person checking me in said, I can’t give you a haircut without you providing your name and phone #. I said OK, my name is James T. Kirk and you can beam me up! My phone # is not relevant to somebody cutting my hair. Come on America stand up and tell the corporations enough is enough! CVS “The company places responsibility squarely on a contractor that ran the service.” CVS HIRED the contractor to provide a service, isn’t it my responsibility as a “consumer” to ensure that I am getting what I pay for? That it is buyer beware when it comes to consumer goods? So how is this ANY DIFFERENT?

Comments are closed.