Skip to main content

A ransomware attack hit Toronto Public Library. Here’s what that means

The Toronto Public Library (TPL) has confirmed the cybersecurity breach that caused a 10-day outage was brought on by a ransomware attack.

In a statement Tuesday, TPL said the cyberattack continues to impact some of the library’s services, including, but not limited to, accessing its website, digital collections and online access to user accounts. Library branches are still open, but public computers and printing services are currently unavailable.

A spokesperson for the library said a report with the Toronto Police Service has been filed. In its public statement, TPL said it is also working with third-party cybersecurity experts to resolve the situation.

“There continues to be no evidence at this time that the personal information of our staff or customers has been compromised,” the library said in the updated statement.

The TPL noted it “will take a week or more” before everything is fully restored but anticipates some services will be brought back sooner.

Daniel Tsai, technology and business lecturer at the University of Toronto, said ransomware attacks are typically carried out in a couple of ways where either someone clicks on a link, or downloads software through an attachment, providing a “backdoor access” for the hackers to take control.

“It’s basically a malevolent code that gets embedded into your system,” Tsai said.

“I don’t know the extent of what exactly is happening at TPL, but if they said it’s ransomware, then that means somebody, likely an employee, downloaded something or an attachment and activated a file – an executable file – that somehow compromised the system and [has] given, basically, hackers the ability to encrypt it and prevent access to that information by the institution.”


This ransomware attack is just the latest to hit the province in an apparent spike of cyberattacks.

Earlier this month, six Ontario hospitals and health-care institutions confirmed some of their patient and employee data had been stolen in the same manner. A portion of that data has since been posted online.

Back in February, Canada’s largest bookstore chain Indigo Books & Music saw its payment systems go offline and the personal information of some current and former employees compromised.

“First of all, they try to pick targets that they think are going to pay good money,” Tsai said.

“They like going after places that have repositories of data, so that’s banks and public institutions, hospitals. But they also like going after entities that have very poor security, or at least, weak security.”

From the perspective of a cyber attacker, Tsai said TPL would likely be considered “low-hanging fruit.”

“This is all part of a growing trend, and it’s only going to get worse,” Tsai said. “We’ve seen it with hospitals already here in Ontario. We saw it with Indigo Books, and now with TPL. This is only just the beginning.”


Tsai said hackers are looking for sensitive information, like banking, social insurance numbers or employee data. With this information, he said hackers can engage in identity or credit card fraud.

“It depends on how widespread the attack is. Presumably, they tried to go after all the information,” Tsai said. “Employee data seems to be a treasure trove.”

With Indigo Books, for example, the retailer said in March the criminals behind the attack intend to make some – or potentially all – of the stolen data available through the “dark web.”

With regards to the TPL, Tsai said he thinks employee data would be the ”bigger prize” with cyberattacks since their financial information is likely linked.


Basic cybersecurity practices can prevent most ransomware incidents, according to the Canadian Centre for Cyber Security. This can include simulating cyberattacks to determine weak spots and based off the audit’s result, implementing proper features to ensure cyber defences are in place, Tsai said.

The Communications Security Establishment’s Canadian Centre for Cyber Security and the Royal Canadian Mounted Police urge Canadian establishments to review their networks’ cyber security, and have provided advice and recommended IT actions that they can adopt to curb the threat of a ransomware attack Top Stories

Stay Connected