Lifetouch
Company Details
Linkedin ID:
lifetouch
Website:
Employees number:
4,946
Number of followers:
28,956
NAICS:
54192
Industry Type:
Homepage:
lifetouch.com
IP Addresses:
0
Company ID:
LIF_2599553
Scan Status:
In-progress
Lifetouch Company CyberSecurity Posture
lifetouch.com
At Lifetouch, our purpose is to help families capture life's memories. For more than 80 years, Lifetouch has been the professional photography company of choice for schools and families. Headquartered in Eden Prairie, MN., the enterprise is organized around four primary business lines operating in local communities across North America. Built on the tradition of “Picture Day”, Lifetouch captures smiling faces from preschool through high school graduation, as well as sports, special events, seniors, and yearbooks. Additional photography services are offered through JCPenney Portraits by Lifetouch, helping families capture special milestones nationwide. Lifetouch is also proud to be a part of the Shutterfly family of brands.
Lifetouch A.I CyberSecurity Scoring
Lifetouch Risk Score (AI oriented)Between 750 and 799
Lifetouch
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Lifetouch Global Score (TPRM)XXXX
Lifetouch
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Lifetouch Company CyberSecurity News & History
Past Incidents
3
Attack Types
3
Shutterfly, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported that Shutterfly, Inc. experienced a data breach involving potential unauthorized access to employee personal data on January 11, 2018, with the report submitted on March 28, 2018. The breach did not confirm the theft of personal data, but potentially exposed names, social security numbers, and other confidential information.
Shutterfly, Inc.
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On November 26, 2014, the California Office of the Attorney General reported a data breach involving Shutterfly, Inc. (Tiny Prints, Treat, and Wedding Paper Divas) due to a criminal cyber-attack. The incident potentially exposed email addresses and encrypted passwords of the customers, but there is no evidence that credit or debit card information was compromised.
Shutterfly
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: Online retail and photography manufacturing platform Shutterfly suffered a data breach after the Conti ransomware group stole data during a ransomware attack. The threat actors both locked up and encrypted 4,000 devices and 120 VMware ESXi servers and accessed some of the data on those systems including the personal information of certain people. The information included employees' personal information, including names, salary and compensation information, and FMLA leaves or workers’ compensation claims. Data posted on a private page also contained legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and some customer information, including the last four digits of credit cards.
Lifetouch Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Lifetouch
Incidents vs Photography Industry Average (This Year)
No incidents recorded for Lifetouch in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Lifetouch in 2025.
Incident Types Lifetouch vs Photography Industry Avg (This Year)
No incidents recorded for Lifetouch in 2025.
Incident History — Lifetouch (X = Date, Y = Severity)
Lifetouch cyber incidents detection timeline including parent company and subsidiaries
Lifetouch Company Subsidiaries
At Lifetouch, our purpose is to help families capture life's memories. For more than 80 years, Lifetouch has been the professional photography company of choice for schools and families. Headquartered in Eden Prairie, MN., the enterprise is organized around four primary business lines operating in local communities across North America. Built on the tradition of “Picture Day”, Lifetouch captures smiling faces from preschool through high school graduation, as well as sports, special events, seniors, and yearbooks. Additional photography services are offered through JCPenney Portraits by Lifetouch, helping families capture special milestones nationwide. Lifetouch is also proud to be a part of the Shutterfly family of brands.
Loading...
Lifetouch Similar Companies
Freelancer
A freelancer or freelance worker is a term commonly used for a person who is self-employed and is not necessarily committed to a particular employer long-term. Freelance workers are sometimes represented by a company or a temporary agency that resells freelance labor to clients; others work independ
Bertelsmann SE & Co. KGaA
Bertelsmann is a media, services and education company with more than 80,000 employees that operates in about 50 countries around the world. It includes the entertainment group RTL Group, the trade book publisher Penguin Random House, the music company BMG, the service provider Arvato Group, Bertels
.png)
Lifetouch CyberSecurity News
December 28, 2021 08:00 AM
Ransomware Attack on Shutterfly Disrupts Photo Service Mid-Holiday Season
Photography behemoth Shutterfly is suffering disruption to its business due to a ransomware attack that reportedly encrypted over 4000...
December 27, 2021 08:00 AM
Photo services giant Shutterfly suffers ransomware attack
Shutterfly LLC, the operator of several popular e-commerce services focused on the photography market, has suffered a ransomware attack.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Lifetouch CyberSecurity History Information
Official Website of Lifetouch
The official website of Lifetouch is http://lifetouch.com.
Lifetouch’s AI-Generated Cybersecurity Score
According to Rankiteo, Lifetouch’s AI-generated cybersecurity score is 763, reflecting their Fair security posture.
How many security badges does Lifetouch’ have ?
According to Rankiteo, Lifetouch currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Lifetouch have SOC 2 Type 1 certification ?
According to Rankiteo, Lifetouch is not certified under SOC 2 Type 1.
Does Lifetouch have SOC 2 Type 2 certification ?
According to Rankiteo, Lifetouch does not hold a SOC 2 Type 2 certification.
Does Lifetouch comply with GDPR ?
According to Rankiteo, Lifetouch is not listed as GDPR compliant.
Does Lifetouch have PCI DSS certification ?
According to Rankiteo, Lifetouch does not currently maintain PCI DSS compliance.
Does Lifetouch comply with HIPAA ?
According to Rankiteo, Lifetouch is not compliant with HIPAA regulations.
Does Lifetouch have ISO 27001 certification ?
According to Rankiteo,Lifetouch is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Lifetouch
Lifetouch operates primarily in the Photography industry.
Number of Employees at Lifetouch
Lifetouch employs approximately 4,946 people worldwide.
Subsidiaries Owned by Lifetouch
Lifetouch presently has no subsidiaries across any sectors.
Lifetouch’s LinkedIn Followers
Lifetouch’s official LinkedIn profile has approximately 28,956 followers.
NAICS Classification of Lifetouch
Lifetouch is classified under the NAICS code 54192, which corresponds to Photographic Services.
Lifetouch’s Presence on Crunchbase
No, Lifetouch does not have a profile on Crunchbase.
Lifetouch’s Presence on LinkedIn
Yes, Lifetouch maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/lifetouch.
Cybersecurity Incidents Involving Lifetouch
As of December 17, 2025, Rankiteo reports that Lifetouch has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Lifetouch has an estimated 2,457 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Lifetouch ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Ransomware and Breach.
Incident Details
Can you provide details on each incident ?
Title: Shutterfly Data Breach and Ransomware Attack
Description: Shutterfly suffered a data breach after the Conti ransomware group stole data during a ransomware attack.
Type: Ransomware and Data Breach
Attack Vector: Ransomware
Threat Actor: Conti ransomware group
Motivation: Data theft and ransom
Title: Shutterfly Data Breach
Description: A data breach involving Shutterfly, Inc. (Tiny Prints, Treat, and Wedding Paper Divas) due to a criminal cyber-attack potentially exposed email addresses and encrypted passwords of the customers.
Date Detected: 2014-11-26
Date Publicly Disclosed: 2014-11-26
Type: Data Breach
Title: Shutterfly Data Breach
Description: The California Office of the Attorney General reported that Shutterfly, Inc. experienced a data breach involving potential unauthorized access to employee personal data on January 11, 2018, with the report submitted on March 28, 2018. The breach did not confirm the theft of personal data, but potentially exposed names, social security numbers, and other confidential information.
Date Detected: 2018-01-11
Date Publicly Disclosed: 2018-03-28
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware and Data Breach SHU224131822
Data Compromised: Employee personal information, legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and some customer information
Systems Affected: 4,000 devices120 VMware ESXi servers
Incident : Data Breach SHU548072625
Data Compromised: Email addresses, Encrypted passwords
Incident : Data Breach SHU458072825
Data Compromised: Names, Social security numbers, Other confidential information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Employee Personal Information, Legal Agreements, Bank And Merchant Account Info, Login Credentials For Corporate Services, Spreadsheets, Customer Information, , Email Addresses, Encrypted Passwords, , Names, Social Security Numbers, Other Confidential Information and .
Which entities were affected by each incident ?
Incident : Ransomware and Data Breach SHU224131822
Entity Name: Shutterfly
Entity Type: Online retail and photography manufacturing platform
Industry: Retail and Photography
Incident : Data Breach SHU548072625
Entity Name: Shutterfly, Inc.
Entity Type: Company
Industry: E-commerce
Incident : Data Breach SHU458072825
Entity Name: Shutterfly, Inc.
Entity Type: Company
Industry: Photography and Imaging Services
Location: California, USA
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware and Data Breach SHU224131822
Type of Data Compromised: Employee personal information, Legal agreements, Bank and merchant account info, Login credentials for corporate services, Spreadsheets, Customer information
Personally Identifiable Information: NamesSalary and compensation informationFMLA leavesWorkers’ compensation claimsLast four digits of credit cards
Incident : Data Breach SHU548072625
Type of Data Compromised: Email addresses, Encrypted passwords
Incident : Data Breach SHU458072825
Type of Data Compromised: Names, Social security numbers, Other confidential information
Sensitivity of Data: High
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware and Data Breach SHU224131822
Ransomware Strain: Conti
Data Encryption: True
Data Exfiltration: True
References
Where can I find more information about each incident ?
Incident : Data Breach SHU548072625
Source: California Office of the Attorney General
Date Accessed: 2014-11-26
Incident : Data Breach SHU458072825
Source: California Office of the Attorney General
Date Accessed: 2018-03-28
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2014-11-26, and Source: California Office of the Attorney GeneralDate Accessed: 2018-03-28.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Conti ransomware group.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2014-11-26.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2018-03-28.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Employee personal information, legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and some customer information, email addresses, encrypted passwords, , names, social security numbers, other confidential information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident were 4,000 devices120 VMware ESXi servers.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Employee personal information, legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and some customer information, social security numbers, encrypted passwords, names, other confidential information and email addresses.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.
Risk Information
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Description
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Description
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=lifetouch' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
