San Francisco Jazz Organization (SFJAZZ) celebrates the comprehensive history of jazz as a non-profit entertainment presenter. It provides specialized education programs for students and year-round concert initiatives. SFJAZZ is also a victim of a May ransomware scheme.
Unauthorized actors breached the SFJAZZ systems and encrypted several file components, then held them for ransom. The attackers also accessed consumer and employee details stored within those components. The notice provided to California’s Attorney General’s office does not speak on how the attack was possible.
The encryptions appeared on or around May 23rd, 2023; by June 1st, experts removed them, and an investigation began. The investigation ended around June 16th, confirming that the assailants accessed data. Around August 17th, SFJAZZ determined the cyberattack exposed more details than initially found; subsequently, they began notifying impacted parties and offices.
The breach initially involved members, but this recent notice has confirmed employee data is also at risk. It is unknown how many people may feel the consequences of the leak, and the number may increase if other investigations are more thorough. At this point, members of SFJAZZ and employees must consider defensive options.
SFJAZZ’s update on their first notice implies the breach consequences may be significant. Those who received the original letter are not at additional risk but may still receive a breach notice. Everyone who receives a breach notice must take immediate action to protect themselves.