Jul 27 — Earlier this month, one of Canada’s biggest orchestras experienced the fallout from a ransomware attack. The attack occurred on WordFly, a digital communications and marketing platform frequently deployed by arts, entertainment, culture and sports firms.

WordFly environment

On Monday, the Toronto Symphony Orchestra, which relies on WordFly for email provisioning services, notified community members of the recent incident due to the fact that the attacker exported customers’ information.

The statement released by the Toronto Symphony Orchestra did not specify how many community members were affected. It does state that payment and financial data did not see compromise.

Further details

According to WordFly, data that the hacker obtained has since been deleted. No evidence suggests misuse of the data nor public distribution of the data. As of 9:00am on July 27th, WordFly’s website notified users that its IT systems remained unavailable.

Other large North American cultural institutions may have also been affected by the breach. These include the Smithsonian Institution, the Courtauld Institute of Arts and Sydney Dance Company.

UK-based victims

According to Arts Professional, several UK organizations were affected by the WordFly incident. These include the Southbank Centre, the Royal Shakespeare Company and The Old Vic theatre.

What to watch for

If your arts-based organization may have been affected, experts encourage employees to remain on alert for communications referencing your relationship with the Toronto Symphony Orchestra. Any emails demanding payment, financial information or other sensitive information are likely phishing schemes.

Experts have also noted that Toronto Symphony Orchestra subscribers should check their credit and debt accounts to ensure that no unauthorized charges or transactions have been made.

Lastly, persons who may have been affected by the breach are encouraged to take password-related precautions. These include maintaining strong passwords, changing passwords on a regular basis, and avoiding password reuse across accounts.

In summary

Third-party data breaches are among the most costly enterprise data breach types. Responding to these types of incidents is a complex pursuit, as it commonly requires reviewing legal contracts, understanding laws and regulations, obtaining forensics reports, learning about containment interventions, reviewing the scope of the incident and much more.

Protect your organization, your vendors, your partners and your clients by ensuring that you have the best security. Get Buyer’s Guides here.

See CyberTalk.org’s past coverage of data breaches, here. To receive more timely cyber security best practices, news, reports and analyses, please sign up for the cybertalk.org newsletter.