RPO hit by cyberattack; orchestra says donor data was not compromised Security team investigates possible sensitive data impact.
The Rochester Philharmonic Orchestra said a cyberattack temporarily cut off access to parts of its IT network in October. Orchestra officials are working with cybersecurity experts to further secure the network.
Orchestra says donor data safe after cyber breach
"The system that houses our patron and donor transaction data was not impacted by the incident," an RPO spokesperson said in a statement. "We are working closely with our security team and our employees to determine the extent to which other sensitive data may have been impacted and are exploring all remediation options available."
The RPO did not provide any further details about the attack. It said all issues have since been fixed, and security measures in place limited the impact of the incident.
— Kayla Canne covers community safety for the Democrat and Chronicle with a focus on police accountability, government surveillance and how people are impacted by violence. Follow her on Instagram @bykaylacanne. Get in touch at [email protected].
Rochester Philharmonic Orchestra cybersecurity rating report: https://www.rankiteo.com/company/rocphils
"id": "ROC1764813866",
"linkid": "rocphils",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'incident': {'affected_entities': [{'customers_affected': 'None (donor/patron '
'data confirmed '
'safe)',
'industry': 'Arts and Culture (Orchestra)',
'location': 'Rochester, New York, USA',
'name': 'Rochester Philharmonic Orchestra '
'(RPO)',
'size': None,
'type': 'Non-profit organization'}],
'customer_advisories': {'details': 'Donors/patrons notified that '
'their transaction data was '
'not impacted',
'status': True},
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': {'details': 'Non-donor/patron '
'sensitive '
'data '
'potentially '
'affected',
'status': 'Under '
'investigation'}},
'date_detected': '2023-10',
'description': 'The Rochester Philharmonic Orchestra (RPO) '
'experienced a cyberattack in October that '
'temporarily disrupted access to parts of its IT '
'network. While donor and patron transaction data '
'remained unaffected, the organization is '
'investigating potential impacts on other '
'sensitive data. The incident has since been '
'resolved, and security measures were effective '
'in limiting its scope.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': {'details': None,
'status': 'Under investigation '
'(non-donor/patron '
'data potentially '
'affected)'},
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': 'Temporary disruption to IT '
'network access',
'payment_information_risk': 'None (donor/patron '
'transaction data '
'confirmed safe)',
'revenue_loss': None,
'systems_affected': 'Parts of IT network (temporary '
'access disruption)'},
'investigation_status': 'Ongoing (extent of sensitive data '
'impact being determined)',
'post_incident_analysis': {'corrective_actions': {'details': None,
'status': 'Security '
'measures '
'reinforced'},
'root_causes': None},
'references': [{'date_accessed': None,
'source': 'Democrat and Chronicle',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': {'details': 'Public '
'statement '
'released via '
'spokesperson',
'status': True},
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': True,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': {'details': 'All issues fixed',
'status': 'Completed'},
'remediation_measures': {'details': 'Exploring all '
'available '
'options',
'status': 'Underway'},
'third_party_assistance': {'details': 'Cybersecurity '
'experts '
'engaged',
'status': True}},
'stakeholder_advisories': {'details': 'Public statement '
'confirming donor/patron '
'data safety',
'status': True},
'title': 'Rochester Philharmonic Orchestra (RPO) Cyberattack',
'type': 'Cyberattack'}}