Proactive Steps Prevented a Major Breach at Shutterfly

Three popular stationery companies (Tiny Prints, Wedding Paper Divas and Treat) were compromised in a data breach, as announced on Tiny Prints’ website. All three entities are owned by Shutterfly, Inc.

Shutterfly is receiving praise for their precautionary steps, swift action and effective communication practices used to address the data breach.

The cyberattack focused on a portion of their database that contained customers’ usernames and passwords for the three web properties. It is unclear who was responsible for the attack, but Shutterfly has since discovered where the attackers penetrated their systems and has resolved the issue. Shutterfly has notified and is currently working with federal law enforcement and an outside forensic team to investigate the matter further.

While the hacker did make off with passwords, it could have been much worse. The hacker could have easily acquired customer payment card information. However, Shutterfly encrypts all customer credit and debit card information so unauthorized parties cannot steal information. Encryption is a key security measure that far too many companies overlook.

Shutterfly also patched the breach and notified customers less than a week after discovery. That is impressive given that other organizations typically take their time in notifying customers (e.g., Dairy Queen took nearly two months to officially announce their breach).

Customers have also been provided with a detailed account of what happened in Tiny Prints’ press release. Shutterfly is urging customers to change their passwords immediately. If the exposed password is currently being reused on another website, you should change that one as well.

One additional security measure that impacted consumers should take is to be cautious of potential phishing emails. Once hackers have your email address, they might try to bombard your inbox with spam or phishing scams (deceptive emails containing links to malicious websites).

For more information on phishing scams, visit Fighting Identity Crime’s Scam Education Center.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.
