Preemptively, I'd like to flag that we should connect around strategy if it's appropriate for all WordFly-based orgs to reach out to our patrons about the ransomware data breach.
I have absolutely nothing deeper than that to say yet, but it occurred to me earlier today that, should we need to do this, a good number of tri-state area people may suddenly be on the receiving end of dozens of alarming notifications and make the issue feel even larger. A coordinated notification may be a better approach.Should today's Town Hall reveal that we ought to pursue this, we'll spin up an initial Zoom or something along those lines.Please go ahead and use this thread to note ideas or even just interest.CC: to the NJ folks, Howard Levine and Mark DuBose
Just wanted to report that about 36 people from a wide range of New England institutions met on a Zoom call yesterday afternoon. The general consensus seemed to lean toward a coordinated and somewhat low key announcement that organizations would include in a pre-existing monthly e-newsletter. A draft for coordinated language was discussed, and is now being revised. The suggested timeline was for orgs to send out with existing mailing(s) sometime between August 1 and August 12. (Some orgs may be unable to do this if Wordfly isn't back up by then, so that remains an open question.) The general sense was that for almost everyone the information that could have been disclosed does not meet the standard that triggers legal requirements under Massachusetts law (which was home base for most of the orgs), but that it was still best practice to disclose what we know.
There is some hope that by then Wordfly will have stood up a more subscriber-focused FAQ that we can link at the bottom of this announcement. If not, there was discussion of linking to their existing bulletin.
Can continue to report on this and/or make connections if coordination between New York and New England orgs seems useful.
I appreciate the contribution, David, and like this new option of a note rather than a dedicated communication--always the best strategy to try to identify all the permutations something could take rather than assuming there's only a binary.