Shutterfly Says Ransomware Attack Impacted Manufacturing

Shutterfly, an online platform for photography and personalized products, has confirmed that some of its services have been affected by a ransomware attack.

Operating multiple services and brands – such as BorrowLenses, GrooveBook, Lifetouch, Shutterfly, Snapfish, Spoonflower, and Tiny Prints – the online retail and manufacturing platform helps users create products such as a cards, gifts, home décor, invitations, photo books, and more.

The recent ransomware attack, the company told SecurityWeek in an emailed statement, impacted parts of its network, including manufacturing and corporate systems.

“Portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions,” Shutterfly said.

The company also noted that the Shutterfly.com, Snapfish, Spoonflower, and TinyPrints sites were not affected.

Shutterfly, which continues to work on addressing the incident, also says third-party cybersecurity experts have been contracted to help with the investigation.

While it has yet to assess the full scope of the breach, the company said that the incident did not impact the credit card data, financial information or social security numbers of BorrowLenses, Lifetouch, Shutterfly.com, Snapfish, Spoonflower, or TinyPrints customers, as no such information is stored on the company’s systems.

“However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing,” Shutterfly said.

The company refrained from sharing further details on the incident or the type of ransomware that was used in the attack. Reports suggest that the Conti gang was involved, but the Conti leak website currently does not mention Shutterfly.

Related: IT Services Firm Inetum Discloses Ransomware Attack

Related: Organizations Targeted With Babuk-Based Rook Ransomware

Related: PYSA Dominated the Ransomware Landscape in November: Report