The Toronto Symphony Orchestra (TSO) could be dancing to another’s tune, as the group’s personal information may have been compromised as part of a ransomware attack on its email platform.
Earlier this week, the TSO sent an email notice to its subscribers, informing them that WordFly – the digital communications and marketing platform which TSO was using as an email provider – was compromised by a malware cyberattack on July 10. The attackers not only crippled WordFly, but also exported customers’ information – including data WordFly was handling on behalf of TSO.
TSO also said in its email that it has temporarily switched email providers so that it can resume communications. The group did not confirm how many subscribers were impacted by the breach, but TSO said that payment and financial data were not copied. TSO also gave assurances that its own IT system was unaffected.
“WordFly assures us that there is no evidence to suggest that the data was misused for any purpose by this attacker, nor made publicly available,” TSO explained in its email.
“Further, WordFly’s understanding is that the data has now been deleted from the attacker’s possession.”
WordFly’s clients are primarily those in the arts, entertainment, culture and sports segments. Other notable clients whose data was handled by the firm and are potentially compromised include UK arts organizations such as Southbank Centre, Royal Shakespeare Company, Royal Opera House, The Old Vic, and the Courtauld Institute of Arts. The Smithsonian Institution in the US and the Sydney Dance Company in Australia were also among the victims.
An update to the story by IT World Canada also revealed that the theatre company Canadian Stage had notified its members that their email addresses, as well as their first and last names, were potentially copied in the WordFly breach.