Cyber Incident Victim: Entourage Yearbooks
Date: Feb 2024
Location: Canada
Summary
A ransomware attack compromised Entourage's yearbook software platform, Creator Studio Pro, used by Edge Imaging, after threat actors accessed a Canadian AWS cloud server via stolen developer credentials. The breach affected raw student photos uploaded over a two-year period, potentially including device-generated metadata like geo-location, but no names, schools, or other personal identifiers. Entourage recovered the images through negotiations, with confirmation from attackers that files were deleted and not disseminated. Mitigation included server isolation, credential rotation, developer access restrictions, and third-party security audits. Affected schools were instructed to re-upload yearbook photos while Edge Imaging confirmed its internal systems remained uncompromised.
Description
The cyber incident involving Entourage Yearbooks began on February 5, 2024, when Entourage, the owner of the Creator Studio Pro yearbook software platform, detected unauthorized access to its Canadian AWS cloud server. Attackers compromised a developer’s username and password, leading to a ransomware attack that resulted in the removal of photo files from a storage container. Edge Imaging, a yearbook provider utilizing Entourage’s services, was notified and subsequently informed affected school boards, including the Upper Grand District School Board (UGDSB), on February 8, 2024. Six UGDSB schools—Centennial CVI, Guelph CVI, Wellington Heights SS, Centre Dufferin DHS, Edward Johnson PS, and Ken Danby PS—were confirmed as impacted, with yearbook photos from the 2022/23 and 2023/24 academic years potentially exposed. Edge Imaging clarified that only raw photo files were accessed, with no accompanying identifying information such as student names, schools, grades, or captions. However, metadata like geo-location data may have been present in files uploaded from personal devices, though Edge Imaging’s own camera-captured photos lacked such details.

Entourage engaged cybersecurity advisors to negotiate with the threat actors, securing the return of all Canadian photo files by February 29, 2024, along with a commitment from the attackers that the files were deleted and not distributed. Edge Imaging notified the FBI on February 8 due to Entourage’s U.S. base in New Jersey, and alerted Canadian federal and provincial privacy commissioners by February 15. Containment measures included taking the compromised AWS server offline, rotating all Entourage credentials, revoking developer access to the Canadian environment, and initiating third-party security audits. Edge Imaging deployed web monitoring services to detect potential leaks and collaborated with schools to rebuild yearbooks by re-uploading lost photos. No evidence suggested broader access to Entourage’s template databases or Edge Imaging’s internal systems. The incident required school-level outreach to affected communities, as Edge Imaging lacked direct means to identify impacted individuals.
