Toronto Public Library still trying to determine if cardholder data was stolen in cyberattack


The Toronto Public Library is still working to determine the full impact of a crippling cyberattack that disabled the library’s website for months, including whether the personal data of cardholders was accessed.

In the final report to the library board on the Oct. 28 cyberattack, City Librarian Vickery Bowles confirmed that the full extent of the data breach is still under investigation.

The library previously indicated that the personal information of employees, including social insurance numbers and copies of government-issued identification, was stolen during the incident. Further investigation revealed that some information involving dependents and family members of staff was also impacted.

“Although cardholder, volunteer, and donor databases were not affected, some data about these groups likely resided on the compromised file server,” the report notes.

“The larger e-discovery process to investigate whether customer, donor or volunteer data has been taken from the affected file server is underway and will take more time to complete.”

Bowles added that the library will “continue to be transparent” and will notify anyone else who may be affected.

A final accounting of the data breach will be sent to Ontario’s Information and Privacy Commissioner, the report noted.

According to the report, third-party experts tasked with conducting a forensic analysis on the cause of the cyberattack have concluded that the attackers “breached a vulnerability in an internet-facing server” before “exfiltrating and encrypting data from a file server.”

“TPL’s quick action to isolate the environment immediately on discovering the attack led to containment on October 29, 2023, reducing further potential exposure,” the report read.

'A disturbing reality'

The library, Bowles said, has addressed the situation by rebuilding its network and implementing a number of cybersecurity enhancements.

“The rise in data security and ransomware incidents affecting organizations dedicated to community wellbeing, including hospitals, school boards, and libraries like TPL, is a disturbing reality,” the report concluded.

A sign at a Toronto Public Library branch is seen in this undated file image. (CTV News Toronto)

“Public sector organizations are increasingly becoming targets, whether motivated by financial gain or sheer malice. In the case of public libraries, dedicated to equity, access to information, intellectual freedom, and openness for all, this represents an attack on the very essence of civil society.”

Toronto library users were not able to place holds on books, access their accounts, or use computers on site for months following the cyberattack.

The library’s website was partially restored on Jan. 29 and the rest of the site is expected to be back up and running by the end of February.

“Service restoration has been a complex and detailed process involving enterprise-wide discussions and analysis,” the report read.

“Staff have worked tirelessly to restore all services as quickly as possible.”