Toronto Symphony sideswiped by WordFly ransomware assault | IT World Canada News
One of Canada’s largest orchestras is amongst North American organizations victimized by a ransomware assault earlier this month on WordFly, a digital communications and advertising and marketing platform utilized by arts, leisure, tradition and sports activities corporations.
On Monday afternoon, the Toronto Symphony Orchestra — which makes use of WordFly as an electronic mail supplier — notified subscribers by electronic mail of the July 10 incident as a result of the attacker additionally exported clients’ info from the WordFly atmosphere, together with knowledge WordFly was dealing with on behalf of the TSO. The TSO has briefly switched electronic mail suppliers so its communications can proceed.
The assertion didn’t say what number of subscribers may be concerned, though it does say fee and monetary knowledge weren’t copied. Nor had been the TSO’s IT methods concerned.
“WordFly assures us that there is no evidence to suggest that the data was misused for any purpose by this attacker, nor made publicly available,” the message says.
“Further, WordFly’s understanding is that the data has now been deleted from the attacker’s possession.”
As of 5:30 p.m. Eastern on July 25, WordFly’s status website said its IT systems were still unavailable. A support page says that on July 14th it discovered the “bad actor” accountable for the assault exported the e-mail addresses and different knowledge clients — just like the TSO — use to speak with their subscribers. “At this time, we believe that the exported data was not sensitive in nature and largely consisted of names and email addresses,” WordFly mentioned. “It is our understanding that as of the evening of July 15, 2022, the data was deleted from the bad actor’s possession,” the assertion added.
According to Arts Professional, U.Ok. establishments victimized embrace the Southbank Centre, the Royal Shakespeare Company, the Royal Opera House and The Old Vic theatre.
The TSO urges subscribers to watch out dealing with emails, textual content messages, or cellphone calls asking for his or her private info, and messages that embrace hyperlinks or attachments — even messages coming from trusted people or corporations.
“In particular, remain vigilant of any communication referencing your relationship with the TSO,” the advisory says. “The TSO will never ask you to provide payment, financial, or other sensitive information by email.”
It additionally reminds subscribers to test their credit score and debit accounts for unauthorized prices and transactions.
Finally, it urges subscribers to make use of robust passwords for private and monetary accounts, and to keep away from utilizing the identical passwords throughout numerous providers.