Shutterfly LLC, the operator of several popular e-commerce services focused on the photography market, has suffered a ransomware attack. 

The breach was first reported by Bleeping Computer this morning. According to the publication, the breach was carried out by the Conti ransomware group. The group previously carried out ransomware attacks against more than 400 organizations worldwide, the U.S. Cybersecurity and Infrastructure Security Agency stated in a September advisory.

Redwood City, California-based Shutterfly LLC operates a popular e-commerce service that enables users to turn their photos into personalized products such as photo books and cards. The company also operates several subsidiaries that compete in areas such as the home décor market.

Shutterfly traded on the Nasdaq until 2019, when it was acquired by investment firm Apollo Global Management LLC in a $2.7 billion transaction. At the time of the deal, Shutterfly had about 10 million customers who made more than 26 million orders every year. Thanks to a series of acquisitions that the company made after going private, its installed base has since grown to more than 20 million customers. 

In a statement about the ransomware attack posted on its website, Shutterfly said the breach has affected several parts of its network, though it said Shutterfly.com, Snapfish.com, TinyPrints.com and Spoonflower were not affected.

The company detailed that portions of its Lifetouch and BorrowLenses businesses, along with the Groovebook division, “have been experiencing interruptions.” Shutterfly’s manufacturing operations and certain unspecified “corporate systems” are affected by the interruptions as well.

According to Shutterfly, customers’ financial account information and Social Security numbers are not believed to have been compromised in the breach. 

“We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident,” the company stated. “However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.”

Shutterfly has contacted law enforcement and hired outside cybersecurity experts to help it address the incident.    

Image: Shutterfly