Hackers may have gained access to sensitive data, Toronto Public Library says

Hackers responsible for a ransomware attack on the Toronto Public Library that has knocked out its website and some of its services for almost two weeks may have gained access to sensitive information, the library now says.

In a statement posted to its website Friday, the TPL said an ongoing investigation into the attack, which it became aware of on Oct. 28, has determined “sensitive data may have been exposed.”

The library provided no further details, but said it was working with third-party cybersecurity experts “to determine the extent of the exposure and individuals affected.”

According to an email sent to TPL staff Friday morning by City Librarian Vickery Bowles, the library believes employees’ information may have been compromised. A TPL spokesperson didn’t clarify whether it believes customer information was also affected, and declined to answer other questions about the hack, referring the Star to its online statement instead.

“We will continue to be transparent, and provide further information as we learn more,” the library’s website statement said.

 

 

The TPL has said that, after it learned of the attack, it immediately engaged experts and has filed a report with Toronto police. The library initially reported there was no evidence personal information had been compromised.

Brett Callow, a threat analyst with international cybersecurity firm Emsisoft Ltd., said it was reckless for the library to have at first downplayed the possibility of sensitive data leaks.

“Claiming that there’s ‘no evidence’ when the forensic work to find the evidence is still ongoing is irresponsible and exposes those affected to unnecessary risk. If they don’t know that their information may have been compromised, they don’t know they should be monitoring their bank accounts, changing their passwords, etc.” Callow said in an email Friday.

TPL patron Aysun Basaran said the latest update raises concerns about what exactly has been breached and whether other library users like herself are affected.

She feared other library customers, who have used their credit or debit cards to pay for fees including overdue books and printing services, may have had their financial data stolen.

 

 

She also questioned why the library was not more transparent from the get-go. “Why did the library take so long to let us know?”

Library branches remain open, and patrons can still borrow and return books, and use TPL Wi-Fi. But other services remain unavailable including the tpl.ca website and online personal accounts, public computers, printing, some digital collections, suspending or managing holds, and renewing library cards. Library cards won’t expire during the service interruption.

The TPL is the latest public institution to suffer a ransomware attack, in which hackers encrypt stolen files and demand payment to restore owners’ access. In 2021, an attack on the TTC temporarily crippled the transit system’s communication network.

 

This article was reported by The Star