Shutterfly said this week that parts of its network were hit by a ransomware attack.
The company’s Shutterfly.com, Snapfish, TinyPrints, and Spoonflower websites are not impacted, but “portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions,” the company said.
Shutterfly does not store credit card, financial account information, or the Social Security numbers of Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, “so none of that information was impacted in this incident,” Shutterfly said. But it’s still working to understand “the nature of the data that may have been affected.”
The company “engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.”
According to BleepingComputer, Shutterfly was hit with Conti ransomware that locked more than 4,000 devices and 120 VMware ESXi servers. The hackers are demanding millions from Shutterfly, and say they will post stolen files online if Shutterfly doesn’t pay up.
Recommended by Our Editors
According to an October report from NordLocker, the Conti ransomware group was responsible for at least 450 attacks since 2020.
Like What You’re Reading?
Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.