Anyone know what's going on with the Met Opera? Sounds like a cyberattack has taken down Tessitura for them for more than 24 hours already. Any cause for concern or new vulnerabilities exposed for the rest of us?
Hi Wyndham. We are aware of the cybersecurity incident impacting the Metropolitan Opera’s technology infrastructure. While it wouldn’t be appropriate for us to comment on any individual member’s operations or security, we can confirm that the systems impacted are outside of our hosting environment. Tessitura has not experienced a cyberattack. Our systems, including our hosting environment, are secure and operating normally. We are in communication with the Metropolitan Opera and are standing by to help any way we can. You can find additional information about Tessitura’s security policies here, and we will post a Security Update shortly.
Thank you,
Jeff Oliver
Vice President, Hosting Services
If you should find out that this may occur for others is it safe to assume you will notify us all?
Thanks,
H.
Hi Heather,Yes, absolutely. We have posted a Security Update on our website and will issue subsequent updates if needed. At Tessitura we have a team of dedicated security experts on staff. We employ multiple layers of defense and are committed to a strict compliance regime. Our entire team receives regular training on cyber security awareness and best practices. We continuously review the threat and solution landscape for our hosted members.To receive email notifications of posted support alerts and security updates, click on you name on the top righthand corner of the website, and select My Communication Preferences. Make sure the Support Updates & Alerts box is checked under Email Communications.Thank you,Mara Hazzard-WallingfordChief Growth Officer, Tessitura
We have posted a Security Update on our website to let our members know that Tessitura's systems are secure and operating normally. We have a team of dedicated security experts on staff and continuously review the threat and solution landscape for our hosted members.
To receive email notifications of posted support alerts and security updates, click on you name on the top righthand corner of the website, and select My Communication Preferences. Make sure the Support Updates & Alerts box is checked under Email Communications.
Mara Hazzard-WallingfordChief Growth Officer, Tessitura
This is an excellent reminder to all organizations that having a security review and contingency plans for things like Tessitura outages (whatever the cause) are not optional. I fear that a lot of organizations' leadership think "We're just an arts organization, no-one is going to bother targeting us" but even small (not to you!) payouts can be cost effective for "cybercriminals" (got to be a less dated name). Also, certain state-sponsored criminal organizations are obviously under great financial pressure at the moment to produce money and "wins". The attack on Wordfly galvanized us to finally do significant work on the latter.
The Met's statement about continuing with events even without the ability to do ticketing strongly suggests that they had a robust contingency plan in place.
At CSO, we have to provide periodic updates to our Executive Committee regarding our cyber security risk and preparedness. In advance of that next update, I've already been asked to provide any information available regarding the underlying nature of the cyber security incident experienced by the Met recently.
Understanding that details of these types of events are often guarded, is anyone aware of any additional information regarding the nature of this incident other than the impact that was publicly reported?
Hi Dan
Thanks for reaching out. While it wouldn't be appropriate for me to comment on any individual member's security operations, I can confirm that the impacted systems were not connected to Tessitura's hosting environment. In addition, Tessitura's in-hous security team and I assessed that this incident did not introduce any new security risks for our members.
Based on what has been publicly reported, the attack on Met Opera impacted all internal systems on their network, including payroll, email, and Tessitura. We initiated our cybersecurity incident response plan in response to the issue. In the weeks following the incident we closely monitored the hosted environment and found no suspicious behavior.
You may be aware that the Met worked with another Tessitura member organization to sell tickets to upcoming performances, demonstrating both organizations’ confidence in the security of the Tessitura software.
Tessitura’s security team is made up of in-house specialists complemented by a world-class managed security service provider. We protect our systems and data using layers of technical and process controls and validate those controls using a strict compliance regime. When vulnerabilities are discovered, we communicate their impact and remedy as soon as we can. We post security updates on our website whenever there is information we need to share with you. You can find additional information about Tessitura’s security policies here: https://www.tessituranetwork.com/en/Support/Security
If you have any questions or concerns, please contact me directly or submit a help ticket.
Best regards
Nic Boling
Vice President of Information Technology & Security, Tessitura