Information about a Recent Security Incident

Article author
Kirk Bentley
  • Updated

Safeguarding and protecting the privacy and confidentiality of our customers and their data is a top priority of ours at WordFly.

On July 10, our Engineering team became aware of a network disruption that rendered our technological environment inaccessible. The incident was propagated by a bad actor who conducted a ransomware attack on WordFly, resulting in the encryption of the WordFly application.

WordFly safely and securely returned to service on July 29.

 

What happened and our response

Immediately upon discovering the incident, we acted swiftly to address it. Beginning July 10, we opened an investigation and engaged outside digital forensics experts to understand what had happened and the potential impact. We also engaged cybersecurity professionals to assist us with safely and securely restoring WordFly systems.

On July 14, as part of the same incident, we learned the bad actor responsible for this ransomware event exported the email addresses and other data our customers utilize to communicate with their subscribers from our environment to an external location. We can now confirm that only a small subset of our customer base had data exported by the bad actor that perpetrated this incident. At this time, we believe that the exported data was not sensitive in nature and largely consisted of names and email addresses.

It is our understanding that as of the evening of July 15, 2022, the data was deleted from the bad actor’s possession. We have no evidence to suggest, before the bad actor deleted the data, that the data was leaked or disseminated elsewhere. We also have no evidence to suggest that any of this information has been, or will be, misused.

 

Current status

At this time, it is our understanding that this situation has been contained. Our investigation of the incident is ongoing, and our forensics experts are still examining evidence to determine its root cause. At this time, we have safely and securely restored the WordFly application and WordFly is back online.

 

Going forward

We take the security of the data and systems very seriously. If you’d like more information about the security WordFly employs to protect data you upload, please read our general security statement. We’re confident in the security measures we’re implementing to protect our customers’ data and help prevent future incidents.

We’re committed to providing transparent communication as we continue our investigation of this incident. We’ll update this statement with additional facts or findings as needed.

Please contact us at support@wordfly.com if you have questions. 

 

FAQs

Was my data compromised?

Customer data including email addresses, names, and other data our customers import or collect via WordFly forms was exported by the bad actor who perpetrated this incident. We can now confirm that only a small subset of our customer base had data exported by the bad actor that perpetrated this incident. We have no evidence to suggest that the data was misused for any purpose by this bad actor, nor made publicly available by the bad actor. Further, it is our understanding, the data has now been deleted from the bad actor’s possession.


Should I contact my customers?

Due to the generally non-sensitive and public nature of the data that we know was exported so far, as well as our understanding of the nature of this ransomware event, we currently have no evidence to suggest that any of this information has been, or will be, misused to perpetrate harm to the rights and liberties of our customers or their subscribers. You may choose to contact your customers out of an abundance of transparency or if you know you uploaded or collected data in WordFly that is sensitive.


What is WordFly doing to prevent something like this from happening in the future?

The security of our customers’ data is our top priority. We’re implementing additional protections to further harden our environment and ensure the security of our customers’ data.