CNNMoney reported that the company said customer credit card data “may have been compromised”.

CVS’ online photo service remained shut down Friday, a day after the company acknowledged that it may have been hacked and that credit card information may have been stolen from it. The two companies both work with third-party vendor PNI Digital Media, which provides online photo center services.

Security expert Brian Krebs, who first called attention to the breach this morning, also noted that Walmart Canada discovered a similar breach in its online photo site last week. PNI describes its services as a “proprietary transactional software platform”.

“We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised”, the company wrote. As of September 30, 2014, the Retail Pharmacy Segment includes 7,779 retail drugstores, online retail pharmacy websites, CVS.com and Onofre.com.br, 17 onsite pharmacy stores and retail healthcare clinics.

University of California (UCLA) Health, which runs four hospitals in the university’s campuses, and drug retailer CVS Health Corp’s CVSphoto.com became the latest victims of cyber attacks. “We apologize for the inconvenience”, Mike DeAngelis, CVS’ director of public relations said via email.

Nothing is more central to us than protecting the privacy and security of our customer information, including financial information. “We are working closely with the vendor and our financial partners and will share updates as we know more”, the note on the site read.