Photography site Shutterfly is dealing with a ransomware attack

The company said that no financial information was included in the attack.
(Photo by Lester Cohen/Getty Images for Shutterfly)

American photography company Shutterfly has experienced a ransomware attack on parts of its networks, the company confirmed in a statement late Sunday night.

“We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident,” the company said in a statement shared with CyberScoop.

The incident interrupted portions of the company’s Lifetouch and BorrowLenses business, Groovebook, manufacturing and some internal corporate systems. The Daily Beast first confirmed the attack.

The company declined to comment on whether it was actively negotiating with the cybercriminals behind the ransomware attack. The company says that credit card, financial account information and Social Security numbers were not affected.


“However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing,” the company said.

The attack appears to be the work of the Conti ransomware group, according to screenshots of the gang’s leak page first obtained by cybersecurity news outlet Bleeping Computer.  Stolen data shown on the screenshots “include legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and what appears to be customer information, including the last four digits of credit cards.”

Conti runs “double extortion” campaigns in which hackers encrypt and steal files. In the scheme, they demand a ransom from the victim in order to restore access to the systems; if the victim doesn’t pay, the actors threaten to leak the stolen data.

Conti has been linked to several major attacks, including against the Tulsa police and Ireland’s public health system. The Department of Homeland Security’s cybersecurity agency, the FBI and National Security Agency in September warned of an increase of Conti ransomware attacks.

The ransomware attack did not impact, Snapfish, TinyPrints or Spoonflower sites, according to the company.


Updated 12/27/21: To include additional information from Shutterfly.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts