Updated September 11, 2015: In July, we learned that customer credit card information entered by certain users on CVSPhoto.com, which is operated by PNI Media (an independent third-party vendor who manages the hosted CVSPhoto.com site), was potentially impacted. As a precaution, we immediately shut down access to online and related mobile photo services and began an investigation, which is ongoing.
We continue to work diligently on restoring service to CVSPhoto.com and we expect that our online photos service will resume later this fall. Your images are saved and you will have access to them once service to CVSPhoto.com is restored. Our in-store photo centers are not affected and remain in service.
Investigators have now confirmed that there was an illegal intrusion into PNI's system that potentially resulted in the unauthorized acquisition of data entered by certain users on CVSPhoto.com. In the coming days we will be sending a direct notification to those customers who were potentially affected by this intrusion.
The following websites and operations were NOT affected by this security incident: CVS.com; optical.cvs.com; cvs.com/MinuteClinic on line bill pay; and CVS/pharmacy retail stores. No transactions made on those websites, or in stores, were impacted by this incident.
Nothing is more central to us than protecting the privacy and security of our customer information, including financial information. We apologize for this inconvenience. Please visit your local CVS/pharmacy to use one of our Photo Kiosks for all of your photo needs (prints, books, calendars and film processing.)
If you have any questions regarding this incident, please contact our dedicated incident response call center at 888-829-6551. If you have questions regarding other customer service matters, please call 1-800-SHOP-CVS.