Shutterfly, an online photography manufacturing and retail website revealed an employee data breach after threat actors stole information of staff and clients during Shutterfly discloses data breach after Conti ransomware attack. Read the comparison between data leak vs data breach.
Shutterfly offers photography-related services to a number of groups, including consumers, businesses, and education, through various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch.
Shutterfly disclosed that its network was breached on December 3rd, 2021, due to a Shutterfly discloses data breach after Conti ransomware attack.
When ransomware attacks occur on a corporate network, threat actors gain access and spread throughout so they can gather and steal valuable information. Once they’ve breached a basic Windows domain controller, they deploy their ransomware to encrypt all network devices.
On December 13, 2021, Shutterfly first observed the Conti threat actor exploiting their systems. It was after noticing that a hacker had encrypted the servers that Shutterfly informed Demisto of the incident and notified investors of a possible data breach.
“The attacker both locked up our systems and accessed some of the data on those systems,” reads Shutterfly’s data breach notification filed with the California Attorney General’s Office.
We believe the unauthorized entry occurred on or prior to December 3, 2021. We were informed of the incident about Shutterfly discloses data breach after Conti ransomware attack on December 13, 2021. With the use of VPN for Tablet, you can get protect the data from breaching.
Shutterfly suggests that the information stolen in the attack may have contained personal information about employees, including their names, salaries, compensation, and worker’s compensation claims, as well as either FMLA or vacation, leave data.
Shutterfly is offering two years of free credit monitoring from Equifax to those affected by the recent breach.
Shutterfly Hit By Conti Ransomware
After the BleepingComputer headline that Shutterfly had suffered a ransomware attack in December 2018, BleepingComputer broke the news about Shutterfly discloses data breach after Conti ransomware attack in September 2018.
At the time of the attack, a source close to BlinkingComputer told BleepingComputer that Conti had encrypted 4,000 devices and 120 VMware ESXi servers belonging to Shutterfly.
Private data was leaked on a memo page that included data from Shutterfly, which we are currently told includes legal agreements, bank and merchant account info, login credentials for various corporate services, spreadsheets, and what seems to be customer information, including the last four digits of credit cards.
Since then, the Conti ransomware operation has threatened to release 7 gigabytes of data they claim was stolen during the attack, including archives named for finance, legal, customer service, and payroll data.
Shutterfly has partnered with outside cybersecurity experts to further investigate the incident.
Shutterfly recommends employees maintain monitoring of their credit reports and accounts for suspicious activity and remain vigilant.