Friday, July 22, 2022
UPDATED: Wednesday, August 3, 2022
We want to let you know about an incident that occurred at a company that we use to send email communications to our
community about our programs and events. The company, WordFly, notified us on the evening of July 11th that they were
experiencing a network disruption rendering their services inaccessible, which they later determined was due to a
ransomware attack.
On Thursday July 14th, they notified us that some of their customer data, namely email addresses and names we upload to
their service to send email communications, may have been impacted by this incident. On Friday July 15th, WordFly
confirmed that, as part of the incident, data we maintain on their service was exported as part of the attack. WordFly
shared with us that they worked with the attackers, and they believe the information has been deleted and there will be
no further misuse of this information.
On July 22nd, we posted a notice to our website about this incident with the information we had available at that time.
On August 1st, WordFly sent us a notice that through their forensic investigation they were able to
determine that only a subset of organizations had data impacted by the incident and confirmed that
Smithsonian Associates data was not compromised.
We want to reassure you that we use this service to facilitate email communications and we do not store any information
in the system that is financial or sensitive that could have been exposed by this incident. We will continue to monitor
this situation and receive updates from WordFly and the forensic experts assisting them with this incident. If we learn
any additional information about the information that was exported or have any reason to believe the data has not been
deleted by the attackers, we will send an update to this notice.
WordFly has posted a statement and FAQs about the incident
and has setup a website to provide status information on their efforts.
The Smithsonian is committed to protecting the privacy of all information you share with us and has programs in place to
ensure the security of this information.