Reported T-Mobile Data Breach & Shutterfly Ransomware Incident

Reported T-Mobile Data Breach & Shutterfly Ransomware Incident

Ransomware Group Reportedly Targets Shutterfly

On December 27, 2021, ZDNet.com reported that “Shutterfly reported a ransomware attack on Sunday [December 26, 2021].” The incident was first reported by Bleeping Computer, which said a source told them the company was attacked by the Conti ransomware group.” ZDNet.com reported that “[i]n a statement, the company said portions of the Lifetouch and BorrowLenses business were affected. They experienced interruptions with Groovebook, manufacturing offices, and some corporate systems as well.”

Shutterfly, according to the ZDNet.com report, is “assessing the full scope of any data that may have been affected,” and Shutterfly does “not store credit card, financial account information, or the Social Security numbers of [its] Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in [the] incident.”

Reportedly, Another, But Smaller, Data Breach Suffered By T-Mobile

On December 28, 2021, Cnet.com reported that “[o]n the delayed heels of its huge data breach in August, the T-Mo Report brings news . . . of another possible data breach. This one seems to impact a smaller group of customers who received notifications of ‘unauthorized activity’ on accounts consisting of customer proprietary network information or a physical SIM swap (or both), according to the site.”

According to Cnet.com, Customer Proprietary Network Information “. . . consists of all the data T-Mobile has about your phone calls, which according to the carrier [are] ‘features of your voice calling service (e.g., international calling), usage information (like call logs—including date, time, phone numbers called, and duration of calls), and quantitative data like minutes used.’ It doesn’t contain any billing-related information like names or addresses.”

Additionally, according to Cnet.com, “[a]n unapproved physical SIM swap allows someone else to take over your phone number, and if they have your password, to potentially gain access to accounts linked to it — such as if you use text for multifactor authentication.”

For additional information on protecting your identity from a SIM-swap scam, please click the CNet.com article, “T-Mobile data breach and SIM-swap scam: How to protect your identity.”

Have You Been Impacted by A Data Breach?

If so, please complete the form on the right or contact Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected][email protected]for a free, no-obligation evaluation of potential legal claims.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.