How this affects you: Gulfshore Playhouse part of international arts data breach

Harriet Howard Heithaus, Naples Daily News
·3 min read

Gulfshore Playhouse is warning customers that its marketing data has been breached in a ransomware attack that has hit arts organizations around the world.

The Naples organization, which has a list of 19,000 subscribers, emailed them Tuesday to warn them of the breach. Kimberly Dye, chief advancement officer for Gulfshore Playhouse, says the theft was minimal in scope: names and email addresses.

Although the warning told subscribers they were receiving this email because selected contact information involved in this incident included names, email addresses, addresses and phone number, Dye said the Gulfshore database only had the first two components.

"It doesn't have home addresses or phone numbers or anything, " said Dye, speaking of the service it uses from Wordfly, a Seattle-based arts marketing service that sends out bulk email advertisements, announcements and surveys.

Henry played by Krishna Doodnauth, left, and Kat, played by Rachael Fox, right, act during a rehearsal of “Another Revolution,” written by Jacqueline Bircher and directed by Lisa Rothe, Tuesday, April 26, 2022, at the Norris Community Center in Naples, Fla. Two students with diametrically opposed disciplines, and personalities, are assigned to share the same lab on the campus of Columbia University during the height of the Vietnam War protests that begin spilling over into everything there. Gulfshore Playhouse, which presents both new plays like "Another Revolution," seen here, and classic works, was one of a number of arts organizations affected by a ransomware attack.

Dye said the limited information available from the Wordfly breach was not something they would worry about.

"But we felt because of who we are, and our organizational culture of being transparent, we wanted to let people know their addresses were captured, but nothing was done with them," she said.

Some of the marketing material Gulfshore Playhouse sends out via Wordfly does have a link to click for purchases. But that link takes them to the Gulfshore Playhouse website and from there to a secure, encrypted payment site, Dye said. Wordfly cannot access any of that information.

Youth Haven mural: Naples' Youth Haven, Paul Arsenault make a masterpiece with beauty on many levels

What to do this weekend: Top 5 things to do Aug. 12-14 in Naples

The ransomware attack on Wordfly hit a number of major arts organizations, according to The Register, an enterprise technology news publication. Among them: The Smithsonian Institution, the Sydney Dance Company in Australia; Canada's Toronto Symphony Orchestra; and the Courtauld Institute of Art in London.

What information was taken from others isn't known. But Dye said the notification did not require any action on the part of its email recipients.

Wordfly announced that the company had been able to recapture databases that had been encrypted — locked down to make them inaccessible to Wordfly — from the ransomware thieves July 15.

They said they also had been assured that databases copied from it as collateral had been destroyed.

Harriet Howard Heithaus covers arts and entertainment for the Naples Daily News/naplesnews.com. Reach her at 239-213-6091.

I've been notified; what now?

For a closer look at the Wordfly data breach that affected subscribers to a mailing list from Gulfshore Playhouse, here are a number of points: 

What is Wordfly? Wordfly bills itself as a creator of "friendly marketing tools built for arts, entertainment and cultural organizations." It handles customer engagement with marketing emails and surveys for arts organizations around the world.

What happened to cause this data breach? According to a story in the publication Cyber News, the data breach was July 10. At that time, a ransomware attacker encrypted the Wordfly's data files so the company could not use them until they paid the attackers a ransom.

At the same time, the attackers extracted data from those files, a common practice among such thieves, who threaten to sell the data unless their demands are met.

What data was involved from Gulfshore Playhouse subscribers? According to both the Wordfly news release and Kimberly Dye, chief advancement officer for Gulfshore Playhouse, the only data breached consisted of names and email addresses; no phone numbers or home addresses were involved.

Do the thieves still have the data? According the statement from Wordfly, the data that was taken was deleted July 15: " We have no evidence to suggest, before the bad actor deleted the data, that the data was leaked or disseminated elsewhere."

Conversely, there is no evidence to suggest that information could not have been sold or leaked elsewhere. Those who have received a warning from Gulfshore Playhouse should be careful about opening email links or items.

What do we need to do if we're among those notified? Do not open emails that look unfamiliar or ask you to open items or click on links. Check them by phone or via a separate email to your known address for organization it purports to be from.

This article originally appeared on Naples Daily News: What to know: Ransomware attack targeted Gulfshore Playhouse in Naples