CVS Photo Site Hacked, Credit Card Info Possibly Stolen

In June, pharmacy giant CVS acquired Target's pharmacy business for $1.9B, but it seems it also inherited some of the retailer's bad fortunes. The company has revealed that customer credit card information collected by an independent vendor that manages and hosts CVSPhoto.com may have been hacked.

"As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services. We apologize for the inconvenience," according to a message on the CVSPhoto.com homepage. "Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com and our pharmacies. Financial transactions on CVS.com and in-store are not affected." CVS did not provide any additional information about the breach.

From November 27, 2013 to December 15, 2013, retail giant Target suffered a data breach that led to the theft of information that was believed to have compromised 40 million customer credit and debit card accounts. About a month after the breach, the company said the theft might have also exposed identifying information such as names, addresses and e-mail addresses of as many as 70 million customers. In February 2014, Krebs on Security broke the news that network credentials stolen from a third-party HVAC vendor were at the heart of the costly breach.

Brian Laing, vice president at Lastline, a security breach detection firm, told us what we should already know after the Target breach: Companies must be sure of their entire supply chains. That includes assuring that other connections into their supply chains are also protected, he said.

"This appears to be a case where data may not have been adequately segmented," Laing said. "Attackers were able to get in through first one connection -- which may not have been CVS -- and then use that access to possibly gain access to information from the other related...
