Toronto Symphony sideswiped by WordFly ransomware attack

One of Canada’s biggest orchestras is among North American organizations victimized by a ransomware attack earlier this month on WordFly, a digital communications and marketing platform used by arts, entertainment, culture and sports firms.

On Monday afternoon, the Toronto Symphony Orchestra — which uses WordFly as an email provider — notified subscribers by email of the July 10 incident because the attacker also exported customers’ information from the WordFly environment, including data WordFly was handling on behalf of the TSO. The TSO has temporarily switched email providers so its communications can continue.

The statement didn’t say how many subscribers might be involved, although it does say payment and financial data weren’t copied. Nor were the TSO’s IT systems involved.

“WordFly assures us that there is no evidence to suggest that the data was misused for any purpose by this attacker, nor made publicly available,” the message says.

“Further, WordFly’s understanding is that the data has now been deleted from the attacker’s possession.”

UPDATE: Subscribers to the Toronto-based Canadian Stage theatre company, which also uses WordFly for email communications, were notified today their email address, and first and last names, may have been in the WordFly breach.

As of 5:30 p.m. Eastern on July 25, WordFly’s status website said its IT systems were still unavailable. A support page says that on July 14th it learned the “bad actor” responsible for the attack exported the email addresses and other data customers — like the TSO — use to communicate with their subscribers. “At this time, we believe that the exported data was not sensitive in nature and largely consisted of names and email addresses,” WordFly said. “It is our understanding that as of the evening of July 15, 2022, the data was deleted from the bad actor’s possession,” the statement added.

Other large cultural agencies impacted include the U.S.-based Smithsonian Institution, the Courtauld Institute of Arts and the Sydney Dance Company in Australia.

According to Arts Professional, U.K. institutions victimized include the Southbank Centre,  the Royal Shakespeare Company, the Royal Opera House and The Old Vic theatre.

The TSO urges subscribers to be careful handling emails, text messages, or phone calls asking for their personal information, and messages that include links or attachments — even messages coming from trusted individuals or companies.

“In particular, remain vigilant of any communication referencing your relationship with the TSO,” the advisory says. “The TSO will never ask you to provide payment, financial, or other sensitive information by email.”

It also reminds subscribers to check their credit and debit accounts for unauthorized charges and transactions.

Finally, it urges subscribers to use strong passwords for personal and financial accounts, and to avoid using the same passwords across various services.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.