DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Wordfly customers begin to disclose ransomware attack on the vendor

Posted on August 6, 2022 by chum1ng0

Wordfly is a digital marketing platform that offers email, SMS marketing, forms and surveys for its clients to use with their customers or contacts.

On July 10, Wordfly experienced a ransomware attack that encrypted their environment and disrupted services until July 29, when their status account tweeted:

WordFly has returned to service. Thank you for your tremendous amount of patience and support. More info is coming to your inbox soon. https://t.co/s7YFm0f8U0

— WordFly Status (@wordflystatus) July 29, 2022

WordFly has returned to service. Thank you for your tremendous amount of patience and support. More info is coming to your inbox soon. https://t.co/s7YFm0f8U0

A fuller description of the incident by Wordfly can be found on their site. The statement does not indicate who the bad actor was. Of note, they report that the customer data included “email addresses, names, and other data our customers import or collect via Wordfly.”

In their disclosure, Wordfly also states:

It is our understanding that as of the evening of July 15, 2022, the data was deleted from the bad actor’s possession. We have no evidence to suggest, before the bad actor deleted the data, that the data was leaked or disseminated elsewhere. We also have no evidence to suggest that any of this information has been, or will be, misused.

So how did this deletion happen? Did Wordfly pay a ransom demand? DataBreaches sent an email inquiry to Wordfly days ago but no reply has been received.

Notifications Begin

Some of Wordfly’s clients have started notifying their customers. In its FAQ on the incident, Wordfly had written:

Should I contact my customers?

Due to the generally non-sensitive and public nature of the data that we know was exported so far, as well as our understanding of the nature of this ransomware event, we currently have no evidence to suggest that any of this information has been, or will be, misused to perpetrate harm to the rights and liberties of our customers or their subscribers. You may choose to contact your customers out of an abundance of transparency or if you know you uploaded or collected data in WordFly that is sensitive.

An FAQ for U.S./Canadian/Asian Pacific clients of Wordfly was provided separately, here.

As of yesterday, entities that had already disclosed this breach includes U.S. entities such as the Cleveland Museum of Art,  Louisville Zoo,  and the Smithsonian National Zoo.

Non-U.S. entities reporting the breach include:

Canadian entities reported by The Globe and Mail: the National Ballet of Canada, Toronto Symphony Orchestra, Canadian Opera Company, Canadian Stage Company, and The Musical Stage Company. Other Canadian entities include OceanWise, the Vancouver Symphony Orchestra, and Winspear.

The National Gallery of Australia and Sydney Dance Company in Australia  announced the breach, as did the Royal New Zealand Ballet.

In the U.K., the Box Plymouth and Courtauld Gallery both issued notifications.

The preceding are just a sampling of notices we have found around the web and there are likely many more.


Dissent also contributed to the research and reporting of this incident.

Category: MalwareMiscellaneousSubcontractor

Post navigation

← RaidForums admin “Omni” granted conditional bail while U.K. considers U.S. extradition request
New GwisinLocker ransomware encrypts Windows and Linux ESXi servers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.