Shutterfly data breach in December exposed employee data

GaryPageau , , ,

Online retail and photography manufacturing platform Shutterfly has disclosed that the December ransomware attack included a data breach that exposed employee information. Shutterfly is offering two years of free credit monitoring from Equifax for those affected.

Shutterfly offers photography-related services to consumers, the enterprise, and education through various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch.

“The attacker both locked up some of our systems and accessed some of the data on those systems. This included access to personal information of certain people, including you,” reads Shutterfly’s data breach notification filed with the California Attorney General’s Office.

Shutterfly states the documents stolen during the attack may have contained employees’ personal information, including names, salary and compensation information, and FMLA leave or workers’ compensation claims. According to Security Week, “Conti gang” claimed responsibility for the attack in January: “On their leaks website on the Tor network, the group published roughly 7 gigabytes of data allegedly stolen from Shutterfly, including several archives that appear to contain employment agreements, financial and legal documents, payroll data, and more.”

 

Written by 

Gary Pageau is principal of InfoCircle LLC, continuing his marketing communications career. InfoCircle LLC is a marketing and communications consulting firm, specializing in business-to-business markets. For nearly 25 years, he was with PMA International, serving most recently as Publisher, Content Development and Strategic Initiatives. His primary responsibilities included overseeing the Association’s editorial department, marketing research unit, education and corporate relations department.