Skip to content

Settra ransomware group claims American Color Imaging after weeklong Iowa outage

A newly emerged extortion group claims it stole hundreds of gigabytes of data from the professional photo lab, which has not confirmed a cyberattack.

Exterior of American Color Imaging’s headquarters and production facility in Cedar Falls, Iowa.
American Color Imaging’s headquarters and production facility in Cedar Falls, Iowa. The company restored production July 1 after a weeklong systems outage.

American Color Imaging restored production July 1 after a weeklong systems outage delayed orders and customer communications at the professional photo lab in Cedar Falls, Iowa.

The company described the disruption as a temporary systems outage in public updates beginning June 24. It did not identify a cause or characterize the outage as a cyberattack.

Screenshot of American Color Imaging’s June 24 Facebook post announcing a temporary systems outage.
American Color Imaging announced June 24 that it was experiencing a temporary systems outage affecting ACI and its Background Town division, warning customers that communications could be delayed while orders continued to be accepted. (Screenshot by DysruptionHub)

American Color Imaging provides printing and related services to professional photographers from its Cedar Falls operations.

A post on the Settra ransomware group’s leak site lists American Color Imaging’s acilab.com domain as a victim and says additional material will be published after a countdown expires.

Settra claims it obtained 653 gigabytes of data, including financial and payroll records, information about photography studios and confidential documents belonging to a third party. The group says the archive spans multiple years and contains information involving thousands of ACI clients.

The post includes screenshots of documents that Settra presents as evidence of an intrusion. The group’s claims have not been independently verified.

Screenshot of the Settra ransomware group’s leak site listing American Color Imaging as a claimed victim with a publication countdown.
The Settra ransomware group’s leak site lists American Color Imaging as a claimed victim and threatens to publish additional material after a countdown expires. American Color Imaging has not confirmed the claim. (Screenshot by DysruptionHub)

Settra is a recently emerged extortion group first tracked publicly in June. WatchGuard classifies it as a data broker using direct and double-extortion tactics and had recorded 11 known victims. Arete identified Settra among several new threat actors that emerged that month.

Public reporting indicates Settra emphasizes data theft and threatened publication. Encryption has not been confirmed through public malware analysis, and no established connection to an older ransomware operation has been publicly documented.

American Color Imaging said June 24 that the outage affected ACI and its Background Town division. Customers could continue submitting orders, but the company warned that communications could be delayed.

The company said June 26 that it was still accepting orders, but production remained paused, submitted work was being held and one ordering platform was offline while restoration continued.

Updates June 29 and June 30 said restoration was progressing, with the company continuing to accept orders and expecting production to resume soon.

American Color Imaging said July 1 that production was fully operational. Its updates indicate the disruption affected production, order processing, customer communications and an online ordering platform for about one week.

The company previously reported a cybersecurity incident in May 2025. No connection to the June 2026 outage has been established.

Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.

Tip us

Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.

Become a Supporter

Other printing operations have faced similar disruptions followed by cyber disclosures or claims. Utah’s Standard-Examiner reported print-delivery delays before the Qilin ransomware group claimed the newspaper, while ransomware at New Jersey-based Evergreen Printing disrupted newspaper mailings.

American Color Imaging has not confirmed Settra’s claim, and no law enforcement agency or regulator has publicly linked the group to the outage.

Settra says the disruption involved unauthorized access and data theft, but American Color Imaging has not confirmed either claim or disclosed whether systems were encrypted. The company also has not said whether a ransom was demanded or paid, or whether customers, employees or others will receive breach notifications.

DysruptionHub contacted American Color Imaging for comment but did not receive a response before publication.

Attribution note: DysruptionHub credits upstream reporting and primary sources—see citations above. If this report informed your coverage, please cite DysruptionHub with a link.
DysruptionHub Staff

DysruptionHub Staff

A collaborative project to bring you the latest cyberattacks impacting the availability of services and goods in the United States.

All articles

More in Private Sector

See all

More from DysruptionHub Staff

See all