Photo platform Shutterfly has announced that employee information has been compromised after data was stolen in a Conti ransomware attack.
An unauthorized third party has gained access to our network. This was a so-called “ransomware” attack.
The attacker locked down part of our system and accessed some of the data on that system.
This included access to the personal information of certain people, including our customers. We believe this access occurred on or about December 3, 2021.
Shutterfly provides photography-related services to consumers, businesses and educational institutions through its various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish and Lifetouch.
Shutterfly has announced that its network was compromised by a ransomware attack on December 3, 2021.
In a ransomware attack, the attacker gains access to the corporate network and steals data and files while spreading throughout the system; after gaining access to the Windows domain controller and harvesting all valuable data, the ransomware is deployed and all network devices are Encryption.
According to Shutterfly’s data breach notification, the Conti attackers deployed the ransomware on December 13, 2021.
Conti said it has encrypted more than 4,000 devices and 120 VMware ESXi servers owned by Shutterfly.