Toronto Public Library still trying to determine if cardholder data was stolen in cyberattack
The Toronto Public Library it is still working to determine the full impact of a crippling cyberattack that disabled the library’s website for months, including whether the personal data of cardholders was accessed.
In the final report to the library board on the Oct. 28 cyberattack, City Librarian Vickery Bowles confirmed that the full extent of the data breach is still under investigation.
- Download our app to get local alerts on your device
- Get the latest local updates right to your inbox
The library previously indicated that the personal information of employees, including social insurance numbers and copies of government-issued identification, was stolen during the incident. Further investigation revealed that some information involving dependents and family members of staff was also impacted.
“Although cardholder, volunteer, and donor databases were not affected, some data about these groups likely resided on the compromised file server,” the report notes.
“The larger e-discovery process to investigate whether customer, donor or volunteer data has been taken from the affected file server is underway and will take more time to complete.”
Bowles added that the library will “continue to be transparent” and will notify anyone else who may be affected.
A final accounting of the data breach will be sent to Ontario’s Information and Privacy Commissioner, the report noted.
According to the report, third-party experts tasked with conducting a forensic analysis on the cause of the cyberattack have concluded that the attackers “breached a vulnerability in an internet-facing server” before “exfiltrating and encrypting data from a file server.”
“TPL’s quick action to isolate the environment immediately on discovering the attack led to containment on October 29, 2023, reducing further potential exposure,” the report read.
'A disturbing reality'
The library, Bowles said, has addressed the situation by rebuilding its network and implementing a number of cybersecurity enhancements.
“The rise in data security and ransomware incidents affecting organizations dedicated to community wellbeing, including hospitals, school boards, and libraries like TPL, is a disturbing reality,” the report concluded.
A sign at a Toronto Public Library branch is seen in this undated file image. (CTV News Toronto)
“Public sector organizations are increasingly becoming targets, whether motivated by financial gain or sheer malice. In the case of public libraries, dedicated to equity, access to information, intellectual freedom, and openness for all, this represents an attack on the very essence of civil society.”
Toronto library users were not able to place holds on books, access their accounts, or use computers on site for months following the cyberattack.
The library’s website was partially restored on Jan. 29 and the rest of the site is expected to be back up and running by the end of February.
“Service restoration has been a complex and detailed process involving enterprise-wide discussions and analysis,” the report read.
“Staff have worked tirelessly to restore all services as quickly as possible.”
CTVNews.ca Top Stories
'Shameful': Monument honouring fallen soldiers included names of living veterans
Veterans are asking for answers after discovering that two sculptures in Ontario honouring fallen soldiers include the names of many people who are very much alive.
'If it ain't broke don't fix it': U.S. ambassador warns Canada against cutting Mexico out of trilateral trade deal
Cutting Mexico out of the current North American free trade deal 'may not be the best path to take,' says U.S. Ambassador to Canada David Cohen.
Days after gunman killed UnitedHealthcare's CEO, police push to ID him and FBI offers reward
The gunman who killed the CEO of the largest U.S. health insurer likely left New York City on a bus soon after the brazen ambush that has shaken corporate America, police officials said. But he left something behind: a backpack that was discovered in Central Park.
Canada's air force took video of object shot down over Yukon, updated image released
The Canadian military has released more details and an updated image of the unidentified object shot down over Canada's Yukon territory in February 2023.
Cookie inflation: How much more is your holiday baking costing you this year?
Estimate how much more your Christmas cookies will cost to bake this year compared to the past five years using Statistics Canada's monthly average retail price data.
LGBTQ2S+ refugees languish as Kenyan government blocks Canadians from resettling them
In a low-income neighbourhood on the outskirts of Nairobi, seven people gather in an air-conditioned home around a dinner table for a Ugandan stew of matoke bananas with peanut sauce.
An explosion has caused several injuries and damaged apartments in a Dutch city
An explosion and fire rocked a neighborhood in the Dutch city of The Hague early Saturday, destroying several apartments and injuring multiple people, according to authorities.
Smash and grab: Canada sees a spike in jewelry store robberies
Many cities across Canada are seeing a spike in jewelry store robberies in recent months.
Invasive species could be hiding in your Christmas decor. Here's how to stop the spread
Make sure to look through your holiday decorations, as Christmas trees, wreaths, and other natural decor can have invasive insects, eggs, and plants that pose a threat to local ecosystems and the economy.