Hillicon Valley — Shutterfly gets hacked

View in your browser OVERNIGHT POLICY: Hillicon Valley Shutterfly gets hacked © AP Photo/Paul Sakuma, File Today is Monday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage. Shutterfly became the latest company this year to be hit by a ransomware attack, with the company announcing the incident over the weekend and stressing that an investigation into the attack was ongoing.  Meanwhile, abortion rights groups said tech companies are blocking content about access to abortion pills – an issue advocates say will be even worse if abortion bans are upheld by the Supreme Court.  Let’s jump into the news. Shutterfly in the crosshairs © iStock Photography company Shutterfly this week announced that it had been hit by a ransomware attack that had affected some services, making it the latest in a string of companies to be targeted by hackers looking for a payout.  Post-Christmas gift: The company announced the attack in a statement posted to its website on Sunday, noting the incident had impacted portions of the Lifetouch and BorrowLenses business, along with Groovebook, manufacturing and some corporate systems. Shutterfly.com and other related websites were not hit.  “We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident,” the company wrote in the statement. “As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected.” While the company was not aware as of Sunday what data had been compromised, it emphasized that credit card numbers, other financial information and Social Security numbers were not stored by Shutterfly.  More details: Bleeping Computer reported Monday that the Conti hacking gang was behind the attack, which had involved encrypting around 4,000 Shutterfly devices beginning two weeks ago. The outlet reported that the hackers were demanding millions of dollars in ransom payment and threatening to release stolen pages of legal agreements, login credentials and other sensitive information if not paid in the next few days.  Read more here.  Abortion rights groups slam tech giants © Getty Images Abortion rights groups say Facebook and other tech giants are making it harder for the public to access information about abortion pills by blocking posts and ads with credible information. They say limited access to online information about self-managed abortions will be even worse for women if strict anti-abortion bans limiting access to care, such as Mississippi's, are upheld by the Supreme Court. “People already have to jump through so many hoops to get abortion care, and it’s likely to become even more difficult if not impossible for millions of people,” said Dina Montemarano, research director at NARAL. “People are going to need to rely on the internet for accurate information. I think this is even more true when it comes to medication abortion care and folks learning more about that. So [tech companies] really need to clean up their act and start caring about their users like they say they do in order for them to fix this,” she added.  The concerns about social media are twofold — as the companies are blocking credible information, advocates say tech giants are allowing bad actors to spread false information about abortion care.  “More Americans are going to need accurate information on abortion, and how to access an in clinic procedure, or how to access abortion pills, how to use them, and what things they need to know about doing that,” said Jennifer Holloway, communications director at Ipas, an international nongovernmental organization that increases access to safe abortions and contraception.  “But these platforms have algorithms that surface the opposition and misinformation and misleading content, and that seems to be advantaged by the algorithm over scientifically based or fact based information that sexual reproductive health groups are sharing,” Holloway added. Read more here.  NEW DEFENSE BILL ON THE BOOKS President Biden on Monday signed a sweeping $768 million defense policy bill, setting up top lines and policy for the Pentagon, the White House announced. Biden signed the fiscal year 2022 National Defense Authorization Act (NDAA) after Congress scrambled to pass the annual bill earlier this month. The House passed the bill by an overwhelmingly bipartisan 363-70 vote in early December, and the Senate later passed the bill by a bipartisan 88-11 vote.  Rep. Adam Smith (D-Wash.), chairman of the House Armed Services Committee, said in a statement that “there’s a lot to be proud of in this bill.” Among the many provisions, the sweeping defense bill addresses cybersecurity. Provisions include requiring the establishment of a zero trust strategy at the Department of Defense, requiring an assessment of the cyber capabilities of adversary nations, and enhancing cybersecurity at the Department of Homeland Security, among other cyber-related issues.  Read more here.  BITS AND PIECES An op-ed to chew on: 5G wireless–yet another reason to fear flying Lighter click: Dudes continue to rock Notable links from around the web: Spyware scandal rocks Polish government (The Verge / Russell Brandom) The 2021 Good Tech Awards (The New York Times / Kevin Roose) 2021 was a huge year for space exploration. 2022 could be even bigger (The Washington Post / Christian Davenport) The new rules of Monopoly (Politico / Leah Nylen) One last thing: Companies pull out of CES © Getty Images Microsoft became the latest company last week to drop out of physically participating in the Consumer Electronics Show (CES) amid a surge in COVID-19 cases driven by the omicron variant. "The health and well-being of our employees is our ultimate priority," a company spokesperson said in a statement to The Hill. "After reviewing the latest data on the rapidly evolving COVID environment, Microsoft has decided not to participate in-person at CES 2022." The Verge first reported on Microsoft's decision to pull out of in-person events at the conference scheduled from Jan. 5 to Jan. 8. The company will instead have a digital presence at both the Microsoft Partner Innovation Experience and Automotive Press Kit. Dozens of companies have pulled out of physically attending the annual technology conference Read more here.  That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Tuesday. Sign Up for Hillicon Valley Forward Hillicon Valley Privacy Policy  |   Manage Subscriptions  |   Unsubscribe Email to a friend  |   Sign Up for Other Newsletters The Hill 1625 K Street, NW 9th Floor, Washington DC 20006 © 1998 - 2021 Nexstar Media Inc. | All Rights Reserved.

Link