Shutterfly reports impacted by MOVEit, but no customer data exposed

Shutterfly, an online retail and photography manufacturing platform, has become the latest reported victim exploiting vulnerabilities in the MOVEit File Transfer utility. Shutterfly offers a range of photography-related services through various brands such as Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch.

Shutterfly has confirmed that it was impacted by the MOVEit vulnerability, particularly within its enterprise business unit, Shutterfly Business Solutions (SBS), which utilized the MOVEit platform for certain operations.

In response to the vulnerability, Shutterfly took immediate action upon discovering it in early June. This included taking relevant systems offline, implementing patches provided by MOVEit, and initiating a forensic review of specific systems with the assistance of leading forensic firms.

While Shutterfly did not disclose the ransom demand amount, it assured customers and employees that their data remains secure. After conducting a thorough investigation with the help of a reputable third-party forensics firm, the company found no evidence to indicate that any customer data from Shutterfly.com, Snapfish, Lifetouch, or Spoonflower, nor any employee information, was impacted by the MOVEit vulnerability.