NEW YORK (KRON/AP) – CVS on Friday said it has begun notifying customers about a security breach of its photo website that may have resulted in the theft of some customer information.
The nation’s second-largest drugstore chain said investigators have confirmed that the company that manages CVS’s photo website was indeed hacked this summer.
The site has been shut down since July after the breach was detected. The photo sites of Rite Aid, Costco and Wal-Mart Canada also were affected in the breach.
A spokesman for CVS Health Corp. wouldn’t say how many customers were being notified, or comment beyond the note to consumers posted on CVS’s photo website.
The Woonsocket, Rhode Island-based company says the main CVS.com website was not affected by the breach. The main computer system is used by its pharmacies, its optical website and its MinuteClinic online bill pay site.
Sales made in CVS stores also were not affected.
The Rite Aid and Wal-Mart Canada sites also remained down Friday afternoon, while the Costco site has restarted limited operations.
Staples Inc., the parent company of Canada-based PNI Digital Media, which manages all of the sites, says that based on its investigation so far, it appears that the hackers breached PNI’s computer systems and used malware to capture user information on the company’s servers.
But it says that there’s no sign that hackers accessed user photos or pin numbers.
“The company is working with outside security experts to determine the nature and scope of the incident, including what user data was impacted and the time period involved,” Staples’ statement read.