ROH Email supplier not operational

[Henry]

I haven't found a topic for this - so starting a new one.  Please move, if this is in the wrong place.  

 

https://www.roh.org.uk/news/contact-with-our-customers

 

The above news is about ROH being unable to send out emails.  

 

Reading the statements on the Wordfly site, this seems very serious.  It's talking about hackers and ransomware.  

 

https://updates.wordflystatus.com/

 

Does this apply only to Marketing emails or are transactional emails (emails confirming ticket purchase etc.) also not getting through?  Not currently being a Friend of ROH, I haven't been buying any tickets recently - but had planned to buy some next week when booking opens.   Has anyone bought tickets in the last few days. Did email confirmations come through? 

 

 

 

 

[Jan McNulty]

Thanks for this Henry.  I haven't seen it mentioned anywhere else.

[Guest oncnp]

23 minutes ago, Henry said:

Has anyone bought tickets in the last few days. Did email confirmations come through? 

 

I booked in mid-June and didn't receive any e-mail confirmations. I asked the box office about it and never really got an answer. Perhaps they are not sending out confirmations anymore? 

[Lynette H]

I had an email confirmation from ROH yesterday. 

[Jan McNulty]

5 minutes ago, oncnp said:

 

I booked in mid-June and didn't receive any e-mail confirmations. I asked the box office about it and never really got an answer. Perhaps they are not sending out confirmations anymore? 

 

I would expect a confirmation email from anywhere that I did business online as it provides proof of your transaction.  Did you receive the tickets via email?

[Guest oncnp]

1 minute ago, Jan McNulty said:

 

I would expect a confirmation email from anywhere that I did business online as it provides proof of your transaction.  Did you receive the tickets via email?

 

No. They are accessible in my ROH account which the box office said was sufficient. No further help was offered. 

[Henry]

As Lynette had a confirmation of purchase yesterday, it sounds like transactional emails are getting through.  

 

Just checked through some old marketing emails and they contained "source=wordfly" in the click through link.  It sounds like the issue only applies to Marketing emails.  

 

I think Oncnp's missing email issue must have been a different problem.  Accidentally deleted, gone to Junk mail folder, etc.   Especially as the Wordfly problem is stated as starting on 11th July ("10 days ago"). 

 

So it sounds like the usual email reminders about booking dates etc.  won't be sent out.  Very annoying for the Marketing Department!  Will anyone notice the difference?  🙂

 

 

[Guest oncnp]

2 minutes ago, Henry said:

 

I think Oncnp's missing email issue must have been a different problem.  Accidentally deleted, gone to Junk mail folder, etc.   Especially as the Wordfly problem is stated as starting on 11th July ("10 days ago"). 

 

Different problem yes but not deleted or in junk mail (thoroughly checked). 

 

"is stated" (when they found it) v. actually happened? 

[Henry]

Seems to apply to many other organisations.  

 

https://www.artsprofessional.co.uk/news/exclusive-major-arts-organisations-affected-ransomware-data-breach

 

This article mentions "Southbank Centre, Royal Shakespeare Company ... and The Old Vic among many UK arts organisations".  I think on this scale, it would have been discovered quickly.  A marketing email is sent out - and nobody clicks through to respond! 

 

Does sound very serious.  Rather surprised this hasn't been reported more widely.  

 

 

Edited July 21, 2022 by Henry
spelling mistake

[Henry]

Just googling around it seems that some Australian arts organisations are effected.

 

https://belvoir.com.au/posts/2022/07/20/email-marketing/

 

https://www.melbournerecital.com.au/news/2022/07/an-important-update-about-melbourne-recital-centres-email-marketing-service-provider/

 

It seems that Wordfly is often used to integrate functionality with Tessitura (the ticketing and events system).   There's a paragraph here that talks about using Wordfly to communicate with people booked on a particular event (for cancellations, changes etc. ).  

 

https://www.tessituranetwork.com/en/Items/Articles/News/2020/Facilitating-Learning-and-Connection

 

If it is used by a lot of Tessitura's customers, it will be fairly global issue - and it seems to be a criminal issue judging by comments on Ransomware. 

 

 

[capybara]

As I read it, the email addresses of people on the ROH database are now available to the hackers. If so, this is a very serious breach of data protection regulations and the ROH’s code of practice (which is mandatory under law) should provide for informing all those affected.

Except that……..it seems that the ROH no longer has the means of communicating with its customers. A perfect storm!

[Guest oncnp]

5 minutes ago, capybara said:

As I read it, the email addresses of people on the ROH database are now available to the hackers. If so, this is a very serious breach of data protection regulations and the ROH’s code of practice (which is mandatory under law) should provide for informing all those affected.

Except that……..it seems that the ROH no longer has the means of communicating with its customers. A perfect storm!

 

Yet they haven't even updated the website or any mention on social media. Not the same but it would be some sort of notification. 

Edited July 21, 2022 by oncnp

[alison]

Thank you, Henry, for alerting us to this. I've always found WordFly distinctly irritating, as a number of my browsers won't open its links, but this is distinctly concerning.  

 

If anyone is concerned at any time about whether their data has been leaked, you can always visit https://haveibeenpwned.com/ - I actually did this a few days ago because my internet security provider alerted me to the fact that one of my email addresses had been leaked (in 2017 - thanks, McAfee: I'd only been with you for over a year at the time!)

[Henry]

I think you are right @capybara  They do need to notify people as soon as possible - but can't do it!   Just checked the Southbank Centre website - and can't find any mention of the issue.  I think someone there needs to be told of their duties!  

 

It will also need to be reported to the Information Commissioner's Office (ICO) who look after Data Protection  legislation.  

 

Please be on the look out for fake Arts Organisation emails.  At least credit card details won't be involved.  I hope the ransom isn't paid. 

 

 

[bangorballetboy]

I received emails from the ROH box office last Tuesday and Friday.  I have also received the automatic email with my eticket for this Saturday.

[Henry]

@bangorballetboy

 

My understanding is that individual emails (e.g. a reply to your question) and transactional emails (confimation of purchase etc. ) are going out as normal.  The problem is with the system used for Marketing type emails.  e.g. mailing everyone attending a particular event, everyone about new items in the ROH shop, reminders about booking dates etc.  

 

 

[Beryl H]

I have just booked a NBT ticket for the Linbury and received an E-mail immediately. I had a message a couple of days ago (can't remember from who) saying I was not alone on my Internet connection, or words to that effect, and I quickly shut my computer down, I wasn't using E-mails at the time, it was scary!

[San Perregrino]

I’ve changed my password just in case. Always advisable on a regular basis though I rarely remember to do so. Better safe etc etc 

[alison]

Me too.

[LinMM]

Sorry if being a bit thicko here do you mean you changed your password for the ROH (usually only use when buying tickets as only time I really log in) 

Its so long since changed it that forgotten what to do. 
When you log in does an opportunity to change the password automatically come up? Or do you have to do something else? 

[Guest oncnp]

3 minutes ago, LinMM said:

Sorry if being a bit thicko here do you mean you changed your password for the ROH (usually only use when buying tickets as only time I really log in) 

Its so long since changed it that forgotten what to do. 
When you log in does an opportunity to change the password automatically come up? Or do you have to do something else? 

Click "Sign  in" on main page then Forgot password?

Edited July 23, 2022 by oncnp

[LinMM]

Are the ROH advising people to do this? 
Thanks for your super fast reply oncnp! 

[Guest oncnp]

5 minutes ago, LinMM said:

Are the ROH advising people to do this? 
 

 

The ROH hasn't even admitted the data breach happened yet 

[LinMM]

I’m speechless! 

[capybara]

8 hours ago, oncnp said:

 

The ROH hasn't even admitted the data breach happened yet 

 

They are required under GDP regulations to do this and to report the incident (which is a serious one) to the Information Commissioner's Office.

 

[Guest oncnp]

7 minutes ago, capybara said:

 

They are required under GDP regulations to do this 

 

 

That's as may be, but have you seen anything? No update on website or social media. They have channels but aren't using them. 

[capybara]

1 minute ago, oncnp said:

 

That's as may be, but have you seen anything? No update on website or social media. They have channels but aren't using them. 

 

A neglect which compounds the breach.

[Lizbie1]

But I haven't seen anything from, for example, the RSC either, so perhaps we shouldn't rush to condemn ROH.

[MJW]

This is from the Courtauld which gives a bit more info

 

https://courtauld.ac.uk/news-blogs/2022/wordfly-incident-and-response/

[bridiem]

21 minutes ago, MJW said:

This is from the Courtauld which gives a bit more info

 

https://courtauld.ac.uk/news-blogs/2022/wordfly-incident-and-response/

 

That seems to me to be exactly the sort of statement that all affected organisations should have made. I don't understand why the ROH hasn't done this. 

[Lizbie1]

2 hours ago, MJW said:

This is from the Courtauld which gives a bit more info

 

https://courtauld.ac.uk/news-blogs/2022/wordfly-incident-and-response/

 

It says they're notifying their visitors but I'm on their mailing list and I've had nothing yet from them - though I understand the difficulties! I don't see how having a better statement on their website really changes much. How many people will have just come across this?

[Guest oncnp]

19 minutes ago, Lizbie1 said:

 

It says they're notifying their visitors but I'm on their mailing list and I've had nothing yet from them - though I understand the difficulties! I don't see how having a better statement on their website really changes much. How many people will have just come across this?

 

For me, it shows the institution is doing what it can and acting in good faith. 

[Bruce Wall]

Really appreciated getting this today from NBoC - 

 

We are writing to let you know about a recent incident involving your personal information and a service provider that The National Ballet of Canada uses to keep you updated by email.
 

What happened?
The National Ballet of Canada uses a third-party service provider named WordFly to help us prepare and deliver various email communications. We understand that WordFly’s network was disrupted by a ransomware attack on their systems between July 10 - 14, 2022. WordFly has indicated that the attacker exported certain personal information from WordFly’s systems, including information belonging to National Ballet of Canada patrons. We sincerely apologize that this incident has affected you.
 

What information was involved?
WordFly has advised The National Ballet of Canada that some of your personal information was involved in this incident, specifically your name and email address and your patron ID. WordFly did not process any credit card, debit card or other financial information, and this information was consequently not involved in this incident.
 

What are we doing?
Upon learning of this incident, The National Ballet of Canada notified the Office of the Privacy Commissioner of Canada and we are notifying all affected patrons. We also continue to be in close contact with WordFly as they work with their cybersecurity team.

WordFly has advised The National Ballet of Canada that upon learning of this incident, they immediately engaged cybersecurity professionals to assist in their investigation, and to securely restore WordFly’s systems. In addition, WordFly understands that, as of July 15, 2022, the stolen data was deleted and is no longer in the possession of the attacker. WordFly’s external cybersecurity experts also continue to monitor the Internet for any potential misuse of the data.

The National Ballet of Canada will also be temporarily using Mailchimp, a leading email service provider, to ensure minimal disruption to our communications with you.
 

What can you do?
We encourage you to be cautious of unsolicited emails asking for personal information, and not to click links or open attachments from suspicious emails. Neither WordFly nor The National Ballet of Canada will ever ask you for your financial information via email.
 

For more information
Please be aware that several arts organizations across Ontario use WordFly as their email provider, so you may receive multiple emails on this topic if you are signed up with other companies that use them as well.

We sincerely regret any inconvenience or concern that this incident may have caused you. Please do not hesitate to contact us at info@national.ballet.ca or 416 (1 866) 345 9595 if you have any questions. We thank you for your ongoing support.