Important Update: August 3, 2022
On August 2, 2022, WordFly notified the VSO that while a small subset of their customer data base had been affected, the VSO’s customer data was NOT impacted by their cyber security incident. The VSO has not been provided with any other information from Wordfly. However, the VSO will provide further updates once known.
A Statement from the VSO regarding the Wordfly Data Incident
We’re sorry that we haven’t been in touch lately via email. Our third-party email service provider, Wordfly, has been experiencing a service outage, preventing the VSO and thousands of other arts organizations worldwide from communicating with our audiences.
The security and confidentiality of our constituents’ information is one of our top priorities at the VSO. We monitor our network and information technology systems for attacks and intrusions on a continuous basis.
In the spirit of transparency and because your privacy is important to us, we would like to let our e-news subscribers and all stakeholders know about an incident that may have resulted in limited access to certain personal information stored by our third party email provider, Wordfly.
On July 10, 2022, Wordfly became aware of a disruption in service and learned that unidentified individuals illegally accessed their network and IT systems to deploy ransomware. Wordfly immediately retained an experienced team of cyber security and forensic experts, and through their investigation, discovered that some customer data was exported from the environment. Wordfly has advised us that it understands that the exported data has since been deleted from the unidentified individual’s possession, and Wordfly has no evidence to believe that your information has been publicly distributed. However, Wordfly’s systems remain down, and we have made alternate arrangements to communicate with you by email.
What data may be impacted?
This incident did not impact our ticketing database or your VSO account. No financial or payment data has been compromised.
Personal information that may have been affected that was stored by Wordfly is limited to your name, address, email address, phone number and whether you are a donor or subscriber. VSO did not store any financial or payment data with Wordfly
How has the VSO responded?
Upon learning about the incident, the VSO immediately began working to resume communications with our stakeholders and researching alternative email providers. We
have partnered with Prospect2/Active Campaign to send email communications going forward, and you may learn more about their data protection and security measures here: Data Protection and Security | ActiveCampaign.
Is there any action required by you?
Since we are unable to confirm that your data was not exposed, we have elected to notify you of this incident out of an abundance of caution so that you may take whatever steps you may deem necessary.
To be clear, there is no evidence that a hacker targeted you, Wordfly or the VSO specifically in this incident. We are informing you of this event because it is possible that a hacker accessed or took some information from the Wordfly server, which could include your name, address, email address, phone number and whether you are a donor or subscriber.
To eliminate any potential misuse of the above information, we recommend, as a best practice, that you follow the steps outlined below to help reduce potential risks.
1. Be vigilant for signs of identity fraud.
It is possible that a hacker or others could attempt to use the personal information listed above for the purposes of attempted identity fraud. This means that they could try to use that information to impersonate you to obtain a benefit or service.
Please remain vigilant for any potential signs of identity fraud such as suspicious activity on your bank accounts, unauthorized redirection of mail, unauthorized porting of your mobile phone, or receiving goods or services that you did not order.
2. Be wary of fraudulent attempts.
There is no action required to safeguard your VSO account. We encourage you to exercise caution regarding phishing schemes via email, text messages and phone calls. Please remember that the VSO will never ask you to provide payment, financial or sensitive data by email.
It is also possible that a hacker may try to use this information for other fraudulent purposes. A fraudster may contact you in an attempt to trick you into providing more personal information or access credentials, or to divert payments to or from you. To protect yourself against fraudulent attempts:
- be wary of anyone that contacts you and requests personal information or access credentials from you, even if they appear to know other details about you;
- do not respond to email or text messages asking for personal information – few legitimate organizations will ask for personal information by email or text;
- be on the lookout for spoofed email address – hover over the e-mail address to see and verify the exact e-mail address (rather than just the name used);
- be careful of unsolicited telephone calls which purport to be from a government authority or business;
- remain vigilant regarding any suspicious emails that ask you to open attachments or click on links – do not click on links unless you have confirmed they are legitimate;
- be suspicious of any requests for changes made to payment instructions and confirm all such changes by phone call to known and trusted numbers; and
- if in doubt, send an independent e-mail (i.e. do not click “reply”) to the sender to confirm the contents of the original e-mail, or alternatively, call the sender to confirm they sent the e-mail.
We take the safety and security of your personal and confidential information very seriously. The VSO appreciates the trust you place in us, and hope that you will accept our sincerest apologies.
If you have any questions about this incident, please contact our customer service team at 604.876.3434 or email@example.com.