Toronto Public Library still trying to determine if cardholder data was stolen in cyberattack
The Toronto Public Library says it is still working to determine the full impact of a crippling cyberattack that disabled the library’s website for months, including whether the personal data of cardholders was accessed.
In the final report to the library board on the Oct. 28 cyberattack, City Librarian Vickery Bowles confirmed that the full extent of the data breach is still under investigation.
The library previously indicated that the personal information of employees, including social insurance numbers and copies of government-issued identification, was stolen during the incident. Further investigation revealed that some information involving dependents and family members of staff was also impacted.
“Although cardholder, volunteer, and donor databases were not affected, some data about these groups likely resided on the compromised file server,” the report notes.
“The larger e-discovery process to investigate whether customer, donor or volunteer data has been taken from the affected file server is underway and will take more time to complete.”
Bowles added that the library will “continue to be transparent” and will notify anyone else who may be affected.
A final accounting of the data breach will be sent to Ontario’s Information and Privacy Commissioner, the report noted.
According to the report, third-party experts tasked with conducting a forensic analysis on the cause of the cyberattack have concluded that the attackers “breached a vulnerability in an internet-facing server” before “exfiltrating and encrypting data from a file server.”
“TPL’s quick action to isolate the environment immediately on discovering the attack led to containment on October 29, 2023, reducing further potential exposure,” the report read.
'A disturbing reality'
The library, Bowles said, has addressed the situation by rebuilding its network and implementing a number of cybersecurity enhancements.
“The rise in data security and ransomware incidents affecting organizations dedicated to community wellbeing, including hospitals, school boards, and libraries like TPL, is a disturbing reality,” the report concluded.
A sign at a Toronto Public Library branch is seen in this undated file image. (CTV News Toronto)
“Public sector organizations are increasingly becoming targets, whether motivated by financial gain or sheer malice. In the case of public libraries, dedicated to equity, access to information, intellectual freedom, and openness for all, this represents an attack on the very essence of civil society.”
Toronto library users were not able to place holds on books, access their accounts, or use computers on site for months following the cyberattack.
The library’s website was partially restored on Jan. 29 and the rest of the site is expected to be back up and running by the end of February.
“Service restoration has been a complex and detailed process involving enterprise-wide discussions and analysis,” the report read.
“Staff have worked tirelessly to restore all services as quickly as possible.”