WordFly Data Security Incident

WordFly Data Security Incident

3 August 2022

We want to let you know that The Box was recently made aware of a network security incident at a company we use to send email communications about our updates, event information and memberships.

The company, WordFly, was the target of a bad actor who instituted a ransomware attack on 10 July 2022 against the WordFly environment.

On August 1, 2022, we received formal confirmation that our subscriber data was impacted by this incident. It is our understanding that a bad actor exported our customer data housed within the WordFly environment (names and email addresses). However WordFly has been assured by the bad actor that all the data has been deleted and it was not shared or disseminated prior to its deletion. WordFly has also retained outside forensics experts and based on its own investigation has not seen any evidence that the impacted data was misused by the bad actor prior to its deletion.

We would like to reassure you that we use this service to facilitate email communications only and as we do not store any financial records, credit card or other sensitive information in WordFly, these have not been compromised.

We are sorry for any concern this may cause. We have notified our Data Protection Officer of this breach and have taken advice from them to ensure we remain vigilant around our data protection practices.