WordFly Incident FAQ for U.S./Canadian/Asia Pacific based Customers

Article author: Kirk Bentley


Learn more about what happened and details shared about the incident here.

 

Impacted data

 

Was the data my company uploaded to WordFly impacted as a result of this incident?

We learned that data which a small subset of our customers use in WordFly to communicate with their subscribers was exported from the WordFly environment by the bad actor responsible for this ransomware event.

We currently understand that the scope of this exported data would not have included potentially identifiable information that is regulated under applicable data privacy authorities within the United States, Canadian, and/or Asia Pacific jurisdictions. In the event that our investigation leads us to a different conclusion, or we discover new information that suggests otherwise, we will notify you as necessary as quickly as we are able to.

While this data was exported from the WordFly environment by the bad actor that perpetrated this incident, it is our understanding that, as of the evening of July 15, 2022, that data has been deleted from the bad actor’s possession. We have no evidence to suggest that, before the bad actor deleted the data, it was leaked over the dark web, sent to any other public-facing domain, or disseminated elsewhere.

At this time, we do not believe the data that was impacted included potentially identifiable information that is likely to be used to perpetrate financial harm and/or loss. We also have no evidence to suggest that any of this information has been, or will be, misused.

 

Was my company’s WordFly password and/or login credentials implicated in this incident?
Do they need to be reset?

No, we have no evidence to suggest that our customers’ passwords and/or login credentials were implicated in this incident. However, all users will need to reset their password when the service is restored.

 

Has the data my company uploaded to WordFly been misused in any fashion?
Do you anticipate that the data may be misused or leaked?

We can now confirm that only a small subset of our customer base had data exported by the bad actor that perpetrated this incident.

We do not believe the data that was impacted included potentially identifiable information that is likely to be used to perpetrate financial harm and/or loss. We have no evidence to suggest that any of this information has been, or will be, misused.

While this data was exported from the WordFly environment by the bad actor that perpetrated this incident, it is our understanding that, as of the evening of July 15, 2022, that data has been deleted from the bad actor’s possession. In addition, we have no evidence to suggest that, before the bad actor deleted the data, it was leaked over the dark web, sent to any other public-facing domain, or disseminated elsewhere.

 

Was my company credit card and payment information implicated in this incident?

No, our customers’ credit card and payment information is stored in a completely separate environment from the WordFly environment, which was not impacted by this incident. There is no cause for concern as to the security of your credit card and/or PayPal information.

 

Is the data stored by WordFly-integrated partners at risk?

No. Your data stored by integration partners is not on our servers and so it was not part of the cybersecurity incident.

 

Was my company’s data from TMS (the predecessor of WordFly) transferred over to WordFly?

Yes, our customer data that was stored or contained within TMS would most likely have been moved over to WordFly and could have been exposed during this incident.

 

How long does WordFly retain our data?

For most organizations, the answer is that WordFly has kept all your data for as long as you’ve been a customer and for the purpose for which it was collected. The exception is some larger and long-term customers who have worked with us over the years to archive historic data. For most customers, we don’t routinely archive or delete anything.

 

Will we be provided with access to the data that may have been impacted by this incident?

Yes, now that WordFly has returned to service you have access to your uploaded data.

We currently understand the scope of this data would have primarily included names and email addresses, as well as any data that you imported into WordFly or collected on a form (survey, signup, RSVP) that resides in WordFly.

 

 

Miscellaneous

 

Did WordFly have appropriate security measures in place prior to this incident?
Will WordFly implement measures in the future to mitigate against future incidents?

We invested significant time and resources into our computer systems and practices to ensure we were appropriately securing information, and we will continue to do so. Following this incident, we will be reviewing our current systems and processes and taking additional steps to further harden our environment, as necessary. Safeguarding and maintaining the confidentiality of our customers’ data remains our priority. 

We take our security culture, infrastructure, and the trust of our customers seriously. We’re confident in the security measures we’re implementing and steps we’re taking to further protect our customers’ data and help prevent future incidents.

 

Does WordFly have cyber insurance?

Yes, we do. However, we do not divulge the details and circumstances of our insurance policies.

 

Has this matter been reported to law enforcement?

Yes, this matter has been referred to the United States Federal Bureau of Investigation and therefore, it is an ongoing criminal investigation.

 

Will our invoice be prorated for the downtime?

In recognition of the importance of our ongoing relationship, we are waiving all fees for WordFly for the months of July and August.


Are my company and customers now at a heightened risk for phishing email attempts?

We have no evidence that the email addresses implicated in this incident have been, or will be, misused. We understand that the bad actor who removed those email addresses from the WordFly environment has now deleted those email addresses.

Email addresses are generally publicly available information that individuals exchange and freely share on a daily basis via email itself, or via publicly available websites. We believe your company and your subscribers are at no further heightened risk for targeted phishing campaigns than you were before this incident. As always, best security practices and internal education are recommended to avoid any attempted phishing campaigns.

If you suspect you’ve received a malicious or phishing email, do not click any links. If the phishing email appears to be from a company you are a customer of, we recommend reporting it to that company directly.

 

Are you notifying any U.S./Canadian/Asia Pacific authorities of this incident?

Our investigation of the incident remains ongoing. We currently understand that the scope of this exported data would not have included potentially identifiable information that is regulated under applicable data privacy authorities within the United States, Canadian, and/or Asia Pacific jurisdictions.

For these reasons, we do not anticipate notification to any of the above-referenced authorities. We have, however, notified the Federal Bureau of Investigation of this incident, and we are therefore treating this as an ongoing criminal investigation. In the event our investigation leads us to a different conclusion, or we discover new information that suggests otherwise, we will notify you as quickly as we are able to.