Toronto

Toronto Public Library gradually recovering from hack, more services back in February

Canada's largest public library system is gradually restoring more of its services after an October cyberattack brought down its website and likely exposed sensitive employee information.

Customers will see familiar version of library website by end of January, TPL said Friday

A view of Toronto Public Library computers, wrapped in yellow caution tape, at its Eglinton Square branch on Dec. 23.
A view of Toronto Public Library computers wrapped in yellow caution tape at the Eglinton Square branch on Dec. 23, 2023. (Muriel Draaisma/CBC)

Canada's largest public library system is gradually restoring more of its services after an October cyberattack brought down its website and likely exposed sensitive employee information.

The Toronto Public Library said customers will be able to see a familiar version of its website by the end of the month that will include more information on services and programs and easier access to digital resources, although it will not allow access to catalogue and search features and customer accounts.

The library also said about one million books and other materials that include returns and new items will be processed to be put back on its shelves by mid-February. Returned books have been stored in 12 offsite trailers since the cyberattack on Oct. 28.

"As we work to restore our services, our top priorities remain the phased return of our website, catalogue and borrowing services, and public computing," the library wrote in a Friday statement.

"The full and safe recovery of our services will take time, and we will continue to keep you updated regularly."

The library has previously said the attack brought down its website and network of public computers across its 100 branches and likely exposed the names, social insurance numbers, government identification and addresses of employees dating back to 1998.

It has said it did not pay a ransom to the hackers.

The library said Friday that by mid-February, customers who placed holds will be notified by email or phone when their items are ready for pick-up. Customers can also place, cancel and manage holds with staff in branches and by telephone, it said.

"Once the catalogue is restored later in February, customers will be able to place, cancel and manage their holds online," the library said.

The library also said it reconnected more than 3,000 staff computers but it has not yet restored connection to about 2,000 public computers in its branches.

"Public computing will return early in February," it said.

"Once public computers are back online, we'll focus on printing services. We do not yet have an anticipated return date although we will also be exploring interim solutions for this important service."

The library had said cardholder and donor databases were unaffected by the cyberattack, but some customer, volunteer and donor data that was on a compromised server may have been exposed.