One of Canada’s biggest orchestras is among North American organizations victimized by a ransomware attack earlier this month on WordFly, a digital communications and marketing platform used by arts, entertainment, culture and sports firms.
On Monday afternoon, the Toronto Symphony Orchestra — which uses WordFly as an email provider — notified subscribers by email of the July 10 incident because the attacker also exported customers’ information from the WordFly environment, including data WordFly was handling on behalf of the TSO. The TSO has temporarily switched email providers so its communications can continue.
The statement didn’t say how many subscribers might be involved, although it does say payment and financial data weren’t copied. Nor were the TSO’s IT systems involved.
“WordFly assures us that there is no evidence to suggest that the data was misused for any purpose by this attacker, nor made publicly available,” the message says.
“Further, WordFly’s understanding is that the data has now been deleted from the attacker’s possession.”
UPDATE: Subscribers to the Toronto-based Canadian Stage theatre company, which also uses WordFly for email communications, were notified today their email address, and first and last names, may have been in the WordFly breach.
As of 5:30 p.m. Eastern on July 25, WordFly’s status website said its IT systems were still unavailable. A support page says that on July 14th it learned the “bad actor” responsible for the attack exported the email addresses and other data customers — like the TSO — use to communicate with their subscribers. “At this time, we believe that the exported data was not sensitive in nature and largely consisted of names and email addresses,” WordFly said. “It is our understanding that as of the evening of July 15, 2022, the data was deleted from the bad actor’s possession,” the statement added.
Other large cultural agencies impacted include the U.S.-based Smithsonian Institution, the Courtauld Institute of Arts and the Sydney Dance Company in Australia.
According to Arts Professional, U.K. institutions victimized include the Southbank Centre, the Royal Shakespeare Company, the Royal Opera House and The Old Vic theatre.
The TSO urges subscribers to be careful handling emails, text messages, or phone calls asking for their personal information, and messages that include links or attachments — even messages coming from trusted individuals or companies.
“In particular, remain vigilant of any communication referencing your relationship with the TSO,” the advisory says. “The TSO will never ask you to provide payment, financial, or other sensitive information by email.”
It also reminds subscribers to check their credit and debit accounts for unauthorized charges and transactions.
Finally, it urges subscribers to use strong passwords for personal and financial accounts, and to avoid using the same passwords across various services.