Main menu


Major Canadian arts and cultural organization hit by cyberattack

featured image

Canada’s top arts and culture organization warns patrons that a recent security incident involving an email service provider may have exposed some of their personal data.

WordFly, which sends emails on behalf of clients including the National Ballet of Canada, Toronto Symphony Orchestra (TSO), Canadian Opera Company (COC), Canadian Stage and Musical Stage Company, was hit by a ransomware attack on July 10th. I was. , according to a statement by Kirk Bentley, director of business development for marketing services.

Bentley wrote that the incident left WordFly’s technology inaccessible and that “bad actors” exported email addresses that the company’s customers use to contact subscribers. He also said the data had been deleted by the attackers as of July 15, and that the information is not considered sensitive in nature at this time.

Cyber ​​threats are increasing and becoming more sophisticated, Evan Koronowski, a spokesman for the Canadian Cyber ​​Security Center, said in an email to The Globe. Cybercriminals can target organizations of all sizes, but they are “especially good” at targeting companies with large databases for higher rewards.

According to the 2022 TELUS Canadian Ransomware Study, 83% of Canadian businesses have reported attempted ransomware attacks, and 67% have been victims.

Following the July incident, the National Ballet of Canada issued an emailed statement to The Globe and Mail saying it was “working closely with other arts groups to create a unified response.” ” he said.

The TSO statement encourages users to beware of phishing emails, texts, and phone calls that request personal information or contain links or attachments. They also suggested using stronger passwords.

In an interview with The Globe, Bob Gordon, strategic adviser to the Canadian Cyber ​​Threat Exchange, said, “Personal information can be misused and used to launch cyberattacks. We want to protect.

“”[If] I know you’re doing something with the symphony orchestra. I got your email address. You can send emails tailored to appear to originate from the Toronto Symphony Orchestra. Help launch an attack on you.

An email from the COC informed us that the customer’s name, email and COC ID may have been compromised and assured us that no financial information had been compromised.

“We are confident the incident has been contained,” said a similar email from Canadian Stage, a Toronto-based performing arts company.

Cybercriminals use ransomware to prevent users from accessing systems and files by encrypting or deleting data. A ransom is then demanded to regain access and retrieve the information, Gordon explained.

“One of the things that happens with ransomware is that the data doesn’t have to be valuable to the attacker, it’s only valuable to the victim,” he said. Victims need that information to continue their business, such as their list of suppliers, their list of customers, and their invoices.

Other notable clients whose data has been processed by Wordfly and may have been compromised include the Smithsonian Institution in the United States and the Sydney Dance Company in Australia. Among the victims were British arts organizations such as the Southbank Centre, the Royal Shakespeare Company, the Royal Opera House, the Old Vic and the Courtauld Museum.

TSO, COC and the National Ballet of Canada have indicated that WordFly is temporarily partnering with another email provider, Mailchimp, until it resumes service.

TSO, COC and WordFly did not respond to requests for comment.