Shutterfly data breach in December exposed employee data

Online retail and photography manufacturing platform Shutterfly has disclosed that the December ransomware attack included a data breach that exposed employee information. Shutterfly is offering two years of free credit monitoring from Equifax for those affected.

Shutterfly offers photography-related services to consumers, the enterprise, and education through various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch.

“The attacker both locked up some of our systems and accessed some of the data on those systems. This included access to personal information of certain people, including you,” reads Shutterfly’s data breach notification filed with the California Attorney General’s Office.

Shutterfly states the documents stolen during the attack may have contained employees’ personal information, including names, salary and compensation information, and FMLA leave or workers’ compensation claims. According to Security Week, “Conti gang” claimed responsibility for the attack in January: “On their leaks website on the Tor network, the group published roughly 7 gigabytes of data allegedly stolen from Shutterfly, including several archives that appear to contain employment agreements, financial and legal documents, payroll data, and more.”