Retailers CVS, Costco and Walmart Canada have shut down their photo processing websites and related mobile photo services after suspicions of data breach that may have leaked credit card information of customers.
The companies also said they were investigating the breach, urging customers to check for unusual transactions in their credit card accounts. They added that their other services were not affected by the attack.
The companies' photo sites are hosted by Vancouver-based PNI Digital Media, which is owned by Staples that suffered a separate hacking attack in 2014. PNI Digital also collects customers' credit card information.
"PNI is investigating a potential credit card data security issue. If an issue is discovered, it is important to note that consumers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis," a spokesperson for Staples was quoted as saying by media reports.
PNI Digital says on its website that it powers "19,000 retail locations and 8,000 in-store kiosks". It is yet to be known if other retailers serviced by the firm were affected.
None of the retailers detailed how many of their users might have been affected by the cyber-attack, which was first reported by internet security news site Krebs on Security.
Walmart's photo-processing site for US customers is not believed to have been compromised, according to the New York Times.
There have been a number of hacking attacks on North American retailers in recent years. In 2013, information on as many as 100 million Target customers was comprised in a data breach.
Other retailers affected by cyber-attacks include Neiman Marcus, Staples, Michaels Stores and Aaron Brothers.