Online retail and photography manufacturing platform Shutterfly has disclosed a data breach that exposed employee information after threat actors stole data during a Conti ransomware attack. Shutterfly offers photography-related services to consumers, the enterprise, and education through various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch. Today, Shutterfly disclosed that its network was breached on December 3rd, 2021, due to a ransomware attack. During ransomware attacks, threat actors will gain access to a corporate network and steal data and files as they spread throughout the system. Once they gain access to a Windows domain controller, and after harvesting all valuable data, they deploy their ransomware to encrypt all network devices. According to Shutterfly’s data breach notification, the Conti threat actor deployed the ransomware on December 13th, 2021, when the company first became aware that they were compromised.  “The attacker both locked up some of our systems and accessed some of the data on those systems. This included access to personal information of certain people, including you,” reads Shutterfly’s data breach notification filed with the California Attorney General’s Office.