For close to a month, many of the Toronto Public Library’s services have been unavailable after a ransomware attack on Oct. 28. Browsing the TPL website, accessing personal online accounts, renewing library cards and using public computers at branches have all been affected. The TPL originally described the outage as the result of a cybersecurity incident, but confirmed on Nov. 7 it was from a ransomware attack.
In a statement on Nov. 14, the TPL said it believes personal data of current and former employees of TPL and the Toronto Public Library Foundation dating back to 1998 has been stolen and may be published on the dark web. The information “likely taken” includes names, social insurance numbers, dates of birth and home addresses. The TPL said that cardholder and donor databases are not affected; however, some information from customers, volunteers and donors may have been exposed.
The TPL said it is working with third-party cybersecurity experts and law enforcement to help resolve the situation. However, as of Nov. 24, it said its systems will remain down until January 2024.
Here are the services that are currently available and unavailable.
Which services are unavailable?
If you want to check the status of a hold, renew your library card or use a computer at your local branch, you are out of luck. The ransomware attack has disrupted the following services:
- TPL.ca and access to personal accounts online
- Public computers and printing services at branches
- Passes for museums and art galleries
- Digital collections
- Renewing library cards
- Placing, suspending or managing holds online or at branches
While some services are unavailable, you will not be charged for holds that aren’t picked up. If you received a notification before Oct. 28 indicating that your hold was available, TPL says to call or visit your pick-up branch to confirm availability. If you had a book in transit before Oct. 28, you can call or visit your branch to check if it’s available to pick up. During the outage, library and digital access cards will not expire.
What services are available?
Library branches are open as scheduled and Wi-Fi is available. Material can be borrowed, returned or renewed at branches, and most in-person programs are still running. Cardholders can also still borrow ebooks, audiobooks, films and music from Libby, Hoopla, Kanopy and PressReader.
Was any personal data stolen?
The TPL has said the personal data of current and former employees dating back to 1998 was stolen during the attack, including names, social insurance numbers, dates of birth and home addresses. The TPL said that cardholder and donor databases are not affected; however, some information from customers, volunteers and donors may have been exposed. TPL said it did not pay a ransom.
“We are aware that stolen data connected to this incident may be published on the dark web, which is part of the internet that is not accessible except through a special browser,” the TPL wrote in a statement on its website.
When will all services resume?
The TPL has said it is working with cybersecurity experts and law enforcement to restore all services, but the exact timeline of when services will resume is unclear. In a statement on Nov. 8, the TPL said it will take a week or longer for services to be fully restored.
What has happened to other organizations in similar hacks?
In the past year, several Canadian companies and organizations have been affected by cyberattacks, resulting in the leak of personal information and the loss of millions of dollars.
In February, Indigo was hit by a massive cyberattack that knocked out the bookstore’s entire e-commerce operations and breached sensitive information about current and former employees. The company has lost nearly $50-million so far in 2023, which it attributed partly to the cyberattack.
LockBit, the name of both a ransomware group and the malicious software used to carry out security breaches, was behind the attack. The group was also involved in a ransomware attack targeting the Weather Network that took down its operations for several days in September, and the group threatened to leak internal data.
After Toronto’s Hospital for Sick Children was attacked last December, LockBit claimed one of its partners carried out the attack. The group eventually apologized and offered to unlock the targeted data, saying attacks on hospitals violate its rules.
According to Canada’s intelligence agency, the Communications Security Establishment, LockBit was responsible for at least 22 per cent of all attributed ransomware attacks in the country last year, making it the most common digital threat.
With reports from Temur Durrani and Susan Krashinsky Robertson