Shutterfly Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating Shutterfly, LLC about its recent data breach. The Shutterfly data breach involved sensitive personal identifiable information belonging to over 50,000 Shutterfly employees and customers.


Shutterfly is an online retailer of photography and personalized products and services. Founded in 1999, Shutterfly’s family of brands includes Shutterfly, Lifetouch, Snapfish, Tiny Prints, Spoonflower, and BorrowLenses. Shutterfly’s headquarters is in Redwood City, California, and it has over 10,000 employees.


On December 13, 2021, Shutterfly discovered that it experienced a data breach in which the sensitive personal identifiable information of individuals in its system was accessed. During the breach, some of Shutterfly’s systems were locked up and data on those systems was accessed. Shutterfly disclosed that the breach was a ransomware attack that occurred on December 3, 2021. In March 2022, Shutterfly began notifying employees whose information may have been impacted. In June 2022, Shutterfly filed additional data breach notifications with various state governments signifying that more employees likely needed notification that their personal identifiable information may have been impacted. The type of information exposed includes:

  • Name
  • Social Security number
  • Salary and compensation information
  • FMLA leave information
  • Workers’ compensation claims

If you have provided your personal information to Shutterfly, LLC:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or

If you were impacted by the Shutterfly data breach, you may consider taking the following steps to protect your personal information.

  1. Carefully review the breach notice and retain a copy;
  2. Enroll in the free credit monitoring service provided by Shutterfly, LLC;
  3. Change passwords and security questions for online accounts;
  4. Regularly review account statements for signs of fraud or unauthorized activity;
  5. Monitor credit reports for signs of identity theft; and
  6. Contact a credit bureau(s) to request a temporary fraud alert.

Share This Post: