Back to Posts

An Incident Involving Our Third-Party Email Vendor

UPDATE as of 8/1/22:

We have been informed by our vendor that none of our data has been impacted as a result of this incident. This means you have absolutely nothing to worry about!


On Friday, July 15th, the RPO was made aware of a ransomware attack on the vendor (WordFly) who handles our outgoing email blasts to RPO patrons, causing a denial of service that started earlier in the week. As a result, the RPO was not able to send our regularly scheduled email marketing correspondence to our constituents.

Please be assured that the RPO data housed on WordFly was limited to names and email addresses only, and that no RPO or RPO patron financial data has been impacted as a result. On July 15th, the vendor reported that it had paid the ransom and foresees no future impact from this attack.

We have since moved to a different email marketing provider so that we can continue to communicate with our patrons. Although the compromised data has been deleted from the threat actor’s possession, please continue to be cautious when opening any email and contact the RPO directly at 585-454-5400 or via email at [email protected] if you have any questions or concerns regarding this issue.

Thank you for your continued support of the RPO!


Q: What happened recently with the RPO’s email marketing platform?
A: Our email marketing vendor, WordFly, experienced a denial of service attack in the form of a ransomware demand that has rendered their email platform inoperable since July 10th.

Q: What type of information and/or patron data does the RPO house on WordFly?
A: The RPO only uploads patron names and corresponding email addresses to the platform in order to facilitate email marketing initiatives.

Q: Was any of my personal credit card information or financial data involved?
A: No, the RPO does NOT share patron financial data with outside vendors, nor was any personal patron information uploaded to the platform, outside of names and corresponding email addresses.

Q: Am I at heightened risk for email phishing attacks as a result?
A: We have no evidence that the email addresses implicated in this incident have been, or will be misused. We understand that the bad actor who removed those email addresses from the WordFly environment has now deleted those email addresses.

We believe your email address is at no further heightened risk for targeted phishing campaigns than you were before this incident. As always, best security practices are recommended to avoid any attempted phishing campaigns.

If you suspect you’ve received a malicious or phishing email from the RPO, do not click any links and please contact the RPO directly at 585-454-2100 or via email at [email protected] .