Preemptively, I'd like to flag that we should connect around strategy if it's appropriate for all WordFly-based orgs to reach out to our patrons about the ransomware data breach.
I have absolutely nothing deeper than that to say yet, but it occurred to me earlier today that, should we need to do this, a good number of tri-state area people may suddenly be on the receiving end of dozens of alarming notifications and make the issue feel even larger. A coordinated notification may be a better approach.Should today's Town Hall reveal that we ought to pursue this, we'll spin up an initial Zoom or something along those lines.Please go ahead and use this thread to note ideas or even just interest.CC: to the NJ folks, Howard Levine and Mark DuBose
Good morning (or, here's hoping it is) -
As we wait / begin to have more informed internal conversations, I thought a form-based way of indicating notification thoughts would be practical.
If you're able to weigh in, please note your current intentions here: https://forms.gle/Tk5ZXo9TJ9ciAJt6A
Please note that this is nothing more than a quick and casual tool for temperature taking; it's nothing official, nothing binding. Graphs are simply better options for quick review than email threads. Most likely, I expect this to be something we can look at during the beginning of a call, but we'll see where the week takes us.
If your organization has more than one person actively following this, please decide which one of you should respond so there aren't duplicates. However, should you need to update a response later this week, please feel free to do so--I will do a quick filter/duplicate removal before building graphs.
Thank you, Jamie! The response choices did not really align with what we're thinking so I wanted to share that here:
Our thought is that it's too soon to notify patrons, as the investigation is ongoing. We feel that if and when we do, Wordfly should be leading that messaging, as it was their data breach. The language should come from them, at least in part. And since the compromised data was not personally sensitive, we don't want to rush to notify and potentially alarm them when we don't yet have all of the information ourselves yet.
Co-sign this approach, Jean -- this is exactly what we've been talking about at Playwrights. IF we send a communication, we think it should be unified and led by -- and even sent from -- WordFly. We want to avoid patrons getting multiple messages from multiple orgs.
Following and agreed! We would love to be involved in a unified notification, as suggested above.
Chiming in to agree and wondering if anyone has heard anything new or if anyone has seen any org's sending out a communication.
The Goodman Theater in Chicago sent out a notification.
So did the Shed in NYC.
Hi everyone - With the little burst of activity in this thread, I thought I'd pop quickly in to do a (non)update.I'm back at regular operations after two days on jury duty, so I can get back to facilitating a real-time space for us before the end of the day. I'm aiming for Mon or Tues (but generally haven't gotten much further in my brain).If you didn't do the earlier survey about your orgs current intentions or want to log an update, please do.
Also, I want to acknowledge/put it on everyone's radar that, for some orgs, anything with any question of a data breach (even when already commented on as not qualifying as one by external counsel) immediately moves the conversation away from those who participate in our forums and over to legal or security task forces. So, as you try to identify trends, I caution us all to remember that there are a lot of voices not represented here.
More soon,
Jamie
My understanding is that their email only went to a small segment of their audience, not the full list.
Jumping in from The Shed—we did send to all members and donors from the past 2 years yesterday, and plan to extend to more as our new IP continues warming.