A potential data breach at a third-party provider has resulted in the shut down of retail photo-printing services at a number of chains, including CVS, Costco, Rite Aid, and several others.

The breach reportedly hit PNI Digital Media, a Canadian company that provides the online photo platform for many retailers. The company was acquired by Staples in 2014. The first signs of the breach began appearing in the last couple of weeks, as CVS closed its online photo printing site and Walmart did the same for its stores in Canada.

“We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised. As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience. Our in-store photo centers are not affected and remain in service,” a message on CVSPhoto.com says.

“Customers who provided credit card information for transactions on CVSPhoto.com are advised to check their credit card statements for any fraudulent or suspicious activity and to call their bank or financial institution to report anything of concern.”

The other chains affected by the apparent breach also have taken their photo sites offline in response.

“We take the security of our members’ data seriously, which is why we are taking this precautionary step,” Costco said in a statement on its site. 

Officials at Staples did not return a message seeking comment.

Categories: Hacks, Web Security