Shutterfly, an online retail and photo production platform, has revealed that threat actors seized data during a Conti ransomware attack, exposing employee information. Shutterfly’s various brands, including Shutterfly.com, Snapfish, GrooveBook, BorrowLenses, and Lifetouch, provide photography-related services to individuals, businesses, and education. Shutterfly just revealed that their network was hacked on December 3rd, 2021, as a result of a ransomware attack.
Threat actors get access to a business network and steal data and files as they propagate throughout the system during ransomware attacks. They use their ransomware to encrypt all network devices after gaining access to a Windows domain controller and capturing all valuable data. Shutterfly’s data breach notification indicates that the Conti threat actor released the ransomware on December 13th, 2021, when the firm realized it had been hacked.
“The attacker both locked up some of our systems and accessed some of the data on those systems. This included access to personal information of certain people, including you,” written in Shutterfly’s data breach notification to the California Attorney General’s Office. “We believe the access occurred on or about December 3rd, 2021. We discovered the incident on December 13th, 2021.”
According to Shutterfly, personal information of employees, such as names, income and compensation data, and FMLA leave or workers’ compensation claims, may have been taken during the incident. Shutterfly is giving two years of free Equifax credit monitoring to anyone affected.
This isn’t the first notification about the cyberattack on Shutterfly; a few media houses broke the news in December only. However, official confirmation from Shutterfly has come now. The
business further said that it continues to investigate the attack with the help of outside cybersecurity experts. On the other hand, Shutterfly advises employees to keep an eye on their credit reports and accounts for any strange behavior and to remain watchful.