Online photography platform Shutterfly is the latest high-profile company to fall victim to a hacking attack.  The company recently disclosed that in December of last year (2021) they were targeted by the Conti gang, who successfully breached their system and initiated a ransomware attack. The company’s breach notification statement was sent to impacted users and filed with the California Attorney General’s Office in the aftermath of the attack.

Their statement reads in part as follows:

“The attacker both locked up some of our systems and accessed some of the data on those systems. This included access to personal information of certain people, including you.

We believe the access occurred on or about December 3, 2021. We discovered the incident on December 13, 2021.”

Their statement goes on to say that a large amount of data was stolen, and that it included employee personal information. Some of the information taken were names, addresses, salaries, login credentials for an unspecified number of Corporate Services users, and a wide range of customer information including at least the last four digits of credit card numbers kept on file.

Unfortunately, we don’t yet have a good accounting of exactly how many users, employees, or customers may have been impacted by the breach.  What is known is that so far, the company has decrypted more than 4,000 devices and more than 120VMware ESXi servers belonging to Shutterfly. Also, the investigation into the matter is ongoing at this time.

If you are a Shutterfly customer who was impacted by the attack, you’ve almost certainly received a copy of the official breach notification at this point.  If you’re a customer and you haven’t received one, you may want to reach out to the corporate office to check the status of your account.

Finally, out of an abundance of caution, if you have an account with Shutterfly you should probably change your password right away. If you’re using that same password on other web properties, change those too.

This will certainly not be the last such incident we hear about in 2022, so stay vigilant out there.

Related Posts - TKS Blog
The Hidden Cost of Delaying Microsoft 365 Cloud Modernization
If you’ve been telling yourself, “We know we should move to the cloud… just not yet,” you’re not alone. A lot of organizations feel that...
Read more
February 17, 202611:22 am
Cloud Computing for Business Growth: Scalability, Migration & Multi-Cloud Strategy
Organizations that rely solely on traditional, on-premises infrastructure often struggle with scalability, rising IT costs, limited agility, and increased operational risk. Cloud computing technology has fundamentally...
Read more
February 16, 20264:38 pm
HIPAA Compliance and Cybersecurity in 2026
Imagine this: A single stolen laptop containing patient records could cost your organization millions in fines, lawsuits, and lost trust. Now imagine that same incident...
Read more
January 18, 202611:54 am
Cybersecurity in 2026: Resolutions Every Business Owner Should Make
A New Year Offers the Perfect Moment to Refresh Your Security Strategy The calendar has flipped to 2026, and while personal resolutions are top of mind,...
Read more
January 16, 202611:57 am

Used with permission from Article Aggregator