Toronto Symphony Orchestra customer names and emails potentially compromised in ransomware attack

The company's email provider Wordfly was the target of a ransomware attack

The Toronto Symphony Orchestra is warning its patrons that their information might have been compromised in a recent ransomware attack, according to a recent CP24 report.

The TSO emailed its patrons Monday afternoon, outlining the situation. The email provider, Wordfly, became aware of a “network disruption” on July 10th.

“We have come to learn that WordFly was subject to a ransomware attack,” the TSO said in its email. “As part of the incident, the attacker exported customers’ information from the WordFly environment, including patron information that WordFly was handling on behalf of the TSO.”

The compromised information included names, email addresses, TSO patron IDs, and donor level and survey responses, including information like demographic details that include age, gender and ethnicity.

Typically ransomware attacks involve cybercriminals locking computer systems until a ransom is paid. This time WordFly’s data was stolen and exported days later.

WordFly said to the TSO that there’s “no evidence” to suggest the data was misused or made publicly available. In TSO’s release, it said the following: “While we have no evidence of any of our patrons’ information being misused, in the spirit of full transparency and in abundance of caution, we want to let you know what happened, what personal information was involved, what we are doing, and what you can do.”

“Further, WordFly’s understanding is that the data has now been deleted from the attacker’s possession,” the orchestra said.

Currently, the TSO is working with Mailchimp, another email provider, to stay in touch with its patrons.

“Please accept our sincere apologies,” the TSO said. “We take the security of our data and systems very seriously, and we value the trust that you place in us.”

The TSO is telling its customers to remain vigilant to the risk of phishing: be cautious of emails, text messages or phone calls that request personal information or have links or attachments:

        • Remain vigilant to the risks of phishing: be cautious of emails, text messages, or phone calls that request that you provide personal information or contain links or attachments, even when originating from trusted individuals or companies. In particular, remain vigilant of any communication referencing your relationship with the TSO. The TSO will never ask you to provide payment, financial or other sensitive information by email.
        • Check your accounts for unauthorized charges and transactions.
        • Use strong passwords for your personal and financial accounts. Avoid using the same passwords across various services and change your passwords regularly.

The email provider, WordFly, has been down for about two weeks since the breach was discovered.

Source: TSO, CP24

Related Articles