NEW YORK — CVS is warning customers that its online photo service may have suffered a data breach and has shut it down.
The nation’s second-largest drugstore chain says the site is being switched off as a precaution and that it has also sealed off related mobile device apps.
Payment information on the site is collected by an outside vendor, CVS Health Corp. says, and it’s kept separate from its main CVS.com website and the computer system used in its pharmacies. Payments made through CVS.com and in CVS stores are not affected.
The company wouldn’t say how many customers could potentially be affected.
Read the full statement from CVS below:
“We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised. As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience.
“Customers who provided credit card information for transactions on CVSPhoto.com are advised to check their credit card statements for any fraudulent or suspicious activity and to call their bank or financial institution to report anything of concern.
“Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com, optical.cvs.com, cvs.com/MinuteClinic on line bill pay and our pharmacies. Financial transactions on CVS.com, optical.cvs.com, cvs.com/MinuteClinic and in-store are not affected.
“Nothing is more central to us than protecting the privacy and security of our customer information, including financial information. We are working closely with the vendor and our financial partners and will share updates as we know more.”