The Toronto Symphony Orchestra is warning its patrons that their information might have been compromised in a recent ransomware attack, according to CP24.
The TSO emailed its patrons Monday afternoon, explaining the situation. Wordfly became aware of a “network disruption” on July 10th.
“We have come to learn that WordFly was subject to a ransomware attack,” the TSO said in its email. “As part of the incident, the attacker exported customers’ information from the WordFly environment, including patron information that WordFly was handling on behalf of the TSO.”
The compromised information included names, email addresses, TSO patron IDs, and donor level and survey responses, which include information like demographic details including age, gender and ethnicity.
Typically ransomware attacks involve cybercriminals locking computer systems and locking them down until a ransom is paid. This time WordFly’s data was stolen and exported days later.
WordFly said to the TSO that there’s “no evidence” to suggest the data was misused or made publicly available. “While we have no evidence of any of our patrons’ information being misused, in the spirit of full transparency and in abundance of caution, we want to let you know what happened, what personal information was involved, what we are doing, and what you can do.”
“Further, WordFly’s understanding is that the data has now been deleted from the attacker’s possession,” the orchestra said.
Currently, the TSO is working with Mailchimp, another email provider, to stay in touch with its patrons.
“Please accept our sincere apologies,” the TSO said. “We take the security of our data and systems very seriously, and we value the trust that you place in us.”
The email provider, WordFly, has been down for about two weeks since the breach was discovered.