Personal information of Toronto Public Library staff stolen in cyber attack, investigators say
Officials from the Toronto Public Library (TPL) are shedding some light on what type of data has been compromised in an ongoing cybersecurity incident.
Investigators were able to determine that cyber criminals stole a large number of files from the library’s network in an incident first announced on October 28. It is believed personal information from TPL staff, including names, social insurance numbers, and home addresses have been affected.
“It has been a very challenging time, and we are deeply sorry for the concern it has caused,” reads an update posted on the library’s website on Tuesday. “Regrettably, the criminals that compromised our network did steal a large number of files from a file server. We did not pay a ransom.”
Advertisement
Investigators believe current and former staff at the TPL and the Toronto Public Library Foundation from 1998 are impacted. They say the stolen information could potentially be published on the dark web.
TPL confirms that cardholder and donor databases were not affected but say “some customer, volunteer, and donor data that resided on the compromised file server” may have been exposed.
The library says it will take time for investigators to fully analyze the data and determine who exactly was affected.
“We will continue to be transparent and notify those affected as appropriate and in light of our findings,” TPL says.
Advertisement
The library’s network of 100 branches remains open to the public but many of the services that residents rely on are still unavailable, such as the library’s website, “your account” service, tpl:map passes and digital collections.