CVS: photo site user info possibly stolen in July hacking
The company's main CVS.com website, the computer system used by its pharmacies, its optical website and its MinuteClinic online bill pay site, all were not affected by the breach.
Staples Inc., the parent company of Canada-based PNI Digital Media, which manages all of the sites, says that based on its investigation so far, it appears that the hackers breached PNI's computer systems and used malware to capture user information on the company's servers.
"The company is working with outside security experts to determine the nature and scope of the incident, including what user data was impacted and the time period involved," Staples' statement read.