CVS Warns Credit Card Data May Have Been Hacked

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

SAN FRANCISCO, CA - JUNE 15:  A pedestrian walks by a CVS store on June 15, 2015 in San Francisco, California.  CVS Health announced that it has agreed to acquire Target's pharmacy and clinic businesses for an estimated $1.9 billion. (Photo by Justin Sullivan/Getty Images)

NEW YORK — CVS Photo, the popular website where you can upload digital images and pick up prints at the pharmacy, appears to have been hacked.

Customer credit card data “may have been compromised,” the pharmacy explained. In cases like these, it’s typically hackers who break in and steal large batches of payment information.

On Friday, the company shut down CVSphoto.com and its smartphone app. The website appeared blank with a message from CVS. The company places responsibility squarely on a contractor that ran the service.

CVS did not name the other company.

The pharmacy made clear that its photo printing website is completely separate from its medical and pharmaceutical business, so patient data isn’t likely affected.

CVS said it’s now investigating the matter to determine what, if anything, was actually stolen.

CNNMoney asked the pharmacy whether hackers might have also stolen photos customers uploaded, but CVS did not immediately reply.

In what’s become the mantra of every hacked company, CVS also issued this statement: “Nothing is more central to us than protecting the privacy and security of our customer information, including financial information.”

The company’s posted a statement on its website:

We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised. As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience.

Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com and our pharmacies. Financial transactions on CVS.com and in-store are not affected.

Nothing is more central to us than protecting the privacy and security of our customer information, including financial information. We are working closely with the vendor and our financial partners and will share updates as we know more.

For more information, call 1-800-SHOP-CVS.