Toronto Public Library still trying to determine if cardholder data was stolen in cyberattack
The Toronto Public Library it is still working to determine the full impact of a crippling cyberattack that disabled the library’s website for months, including whether the personal data of cardholders was accessed.
In the final report to the library board on the Oct. 28 cyberattack, City Librarian Vickery Bowles confirmed that the full extent of the data breach is still under investigation.
- Download our app to get local alerts on your device
- Get the latest local updates right to your inbox
The library previously indicated that the personal information of employees, including social insurance numbers and copies of government-issued identification, was stolen during the incident. Further investigation revealed that some information involving dependents and family members of staff was also impacted.
“Although cardholder, volunteer, and donor databases were not affected, some data about these groups likely resided on the compromised file server,” the report notes.
“The larger e-discovery process to investigate whether customer, donor or volunteer data has been taken from the affected file server is underway and will take more time to complete.”
Bowles added that the library will “continue to be transparent” and will notify anyone else who may be affected.
A final accounting of the data breach will be sent to Ontario’s Information and Privacy Commissioner, the report noted.
According to the report, third-party experts tasked with conducting a forensic analysis on the cause of the cyberattack have concluded that the attackers “breached a vulnerability in an internet-facing server” before “exfiltrating and encrypting data from a file server.”
“TPL’s quick action to isolate the environment immediately on discovering the attack led to containment on October 29, 2023, reducing further potential exposure,” the report read.
'A disturbing reality'
The library, Bowles said, has addressed the situation by rebuilding its network and implementing a number of cybersecurity enhancements.
“The rise in data security and ransomware incidents affecting organizations dedicated to community wellbeing, including hospitals, school boards, and libraries like TPL, is a disturbing reality,” the report concluded.
A sign at a Toronto Public Library branch is seen in this undated file image. (CTV News Toronto)
“Public sector organizations are increasingly becoming targets, whether motivated by financial gain or sheer malice. In the case of public libraries, dedicated to equity, access to information, intellectual freedom, and openness for all, this represents an attack on the very essence of civil society.”
Toronto library users were not able to place holds on books, access their accounts, or use computers on site for months following the cyberattack.
The library’s website was partially restored on Jan. 29 and the rest of the site is expected to be back up and running by the end of February.
“Service restoration has been a complex and detailed process involving enterprise-wide discussions and analysis,” the report read.
“Staff have worked tirelessly to restore all services as quickly as possible.”
CTVNews.ca Top Stories
Trump making 'joke' about Canada becoming 51st state is 'reassuring': Ambassador Hillman
Canada’s ambassador to the U.S. insists it’s a good sign U.S. president-elect Donald Trump feels 'comfortable' joking with Canadian officials, including Prime Minister Justin Trudeau.
Mexico president says Canada has a 'very serious' fentanyl problem
Foreign Affairs Minister Mélanie Joly is not escalating a war of words with Mexico, after the Mexican president criticized Canada's culture and its framing of border issues.
Quebec doctors who refuse to stay in public system for 5 years face $200K fine per day
Quebec's health minister has tabled a bill that would force new doctors trained in the province to spend the first five years of their careers working in Quebec's public health network.
Freeland says it was 'right choice' for her not to attend Mar-a-Lago dinner with Trump
Deputy Prime Minister and Finance Minister Chrystia Freeland says it was 'the right choice' for her not to attend the surprise dinner with Prime Minister Justin Trudeau at Mar-a-Lago with U.S. president-elect Donald Trump on Friday night.
'Sleeping with the enemy': Mistrial in B.C. sex assault case over Crown dating paralegal
The B.C. Supreme Court has ordered a new trial for a man convicted of sexual assault after he learned his defence lawyer's paralegal was dating the Crown prosecutor during his trial.
Bad blood? Taylor Swift ticket dispute settled by B.C. tribunal
A B.C. woman and her daughter will be attending one of Taylor Swift's Eras Tour shows in Vancouver – but only after a tribunal intervened and settled a dispute among friends over tickets.
Eminem's mother Debbie Nelson, whose rocky relationship fuelled the rapper's lyrics, dies at age 69
Debbie Nelson, the mother of rapper Eminem whose rocky relationship with her son was known widely through his hit song lyrics, has died. She was 69.
NDP won't support Conservative non-confidence motion that quotes Singh
NDP Leader Jagmeet Singh says he won't play Conservative Leader Pierre Poilievre's games by voting to bring down the government on an upcoming non-confidence motion.
Canadians warned to use caution in South Korea after martial law declared then lifted
Global Affairs Canada is warning Canadians in South Korea to avoid demonstrations and exercise caution after the country's president imposed an hours-long period of martial law.