Top Canadian arts and cultural organizations are cautioning patrons that some of their personal data may have been exposed in a recent security incident involving their e-mail service provider.

WordFly, which sends e-mails on behalf of clients including the National Ballet of Canada, Toronto Symphony Orchestra (TSO), Canadian Opera Company (COC), Canadian Stage and The Musical Stage Company, was hit by a ransomware attack on July 10, according to a statement by the marketing service’s business development director, Kirk Bentley.

Mr. Bentley wrote that the incident rendered WordFly’s technology inaccessible and that the “bad actor” exported the e-mail addresses that the company’s customers use to reach subscribers. He also said that as of July 15, the data were deleted by the attacker, and that at this time, the information is not believed to be sensitive in nature.

Cyber threats are on the rise and becoming more sophisticated, Canadian Centre for Cyber Security spokesperson Evan Koronewski said in an e-mail to The Globe and Mail. Although cybercriminals can target organizations of any size, they are “particularly skilled” at targeting those with large databases for higher paydays.

According to the 2022 TELUS Canadian Ransomware Study, 83 per cent of Canadian businesses reported attempted ransomware attacks, while 67 per cent have fallen victim to one.

In light of July’s incident, the National Ballet of Canada said in an e-mailed statement to The Globe that it’s working closely with other arts organizations “to create a unified response.”

A statement by the TSO recommended that patrons stay cautious of phishing e-mails, texts or calls that ask for personal information or have links and attachments. They also suggested the use of stronger passwords.

“You want to protect personal information because it can be used for not good purposes, it can be used to launch a cyberattack,” Canadian Cyber Threat Exchange strategic adviser Bob Gordon said in an interview with The Globe.

“[If] I know that you do something with the Symphony and now I have your e-mail address, I can now send you an e-mail tailored to look like it’s coming from the Toronto Symphony … to try to convince you to do something that ultimately will assist me in launching an attack against you.”

An e-mail from the COC informed patrons that their names, e-mails and COC IDs might have been compromised while assuring that no financial information was leaked.

“We have been assured that the incident has been contained,” said a similar e-mail by Canadian Stage, a performance arts company based in Toronto.

Cybercriminals use ransomware to prevent users from accessing their systems or files through data encryption or removal. A ransom is then demanded to regain access and get information back, Mr. Gordon explained.

“One thing that happens with ransomware is that data doesn’t have to have any value to the attacker, it just has to be of value to the victim,” he said. The victim needs that information, such as supplier lists, customer lists and invoices, to keep operating.

Other notable clients whose data were handled by WordFly and are potentially compromised include The Smithsonian Institution in the U.S. and the Sydney Dance Company in Australia. British arts organizations such as Southbank Centre, Royal Shakespeare Company, Royal Opera House, The Old Vic and the Courtauld Institute of Art were also among the victims.

The TSO, the COC and the National Ballet of Canada indicated that they have temporarily partnered with Mailchimp, another e-mail provider, until WordFly restores services.

The TSO, the COC and WordFly did not respond to requests for comment.
