Toronto

Personal info, including staff social insurance numbers, stolen in Toronto library cyberattack

The Toronto Public Library says personal information — including the names, birthdays, social insurance numbers and home addresses — of current and former employees was stolen in a ransomware attack that has also affected key library services.

TPL still working to bring key services back online after Oct. 28 cyberattack

A row of desktop computers in an empty library are roped off by yellow tape.
Computers blocked off with tape at a Toronto Public Library branch after an Oct. 28 ransomware attack. (Haydn Watters/CBC)

The Toronto Public Library (TPL) says personal information — including the names, birthdays, social insurance numbers and home addresses — of employees was stolen in a ransomware attack that has also affected key library services.

In an updated statement on the cybersecurity breach, the library said a large number of digital files were stolen from a server targeted in the Oct. 28 attack. 

Those files included key personal information of current and former employees of both TPL and the Toronto Public Library Foundation dating back to 1998. Copies of government-issued identification documents related to those staff members were also likely taken, according to the statement.

"We are aware that stolen data connected to this incident may be published on the dark web, which is part of the internet that is not accessible except through a special browser," the update reads.

The library added that cardholder and donor databases were not impacted by the hack. 

"However, some customer, volunteer and donor data that resided on the compromised file server may have been exposed. It will take us time to analyze data to determine who is affected and how," the statement says.

TPL says it will offer two years of free credit monitoring services to staff whose personal information was stolen. 

'A very challenging time'

The library first announced it was the victim of a "cybersecurity incident" on Oct. 28, the day it became aware of the attack. It did not pay a ransom to recover the stolen material.

It has been working with third-party experts to address the breach, and reports were filled with the Toronto Police Service and the Information and Privacy Commissioner of Ontario.

"It has been a very challenging time, and we are deeply sorry for the concern it has caused," the statement says.

"It is so unfortunate that data security and ransomware incidents are becoming increasingly common, and that public sector organizations including hospitals, schools and libraries – all dedicated to the betterment of the community – are being targeted."

Some services still down

A number of widely-used services are still unavailable following the ransomware attack. The library says its website, online user accounts, map passes and digital collections are still down, while public computers and printing services at branches are unavailable. 

Branches are open as scheduled, and materials can still be borrowed, returned or renewed.

A full breakdown of what services are still accessible and those that remain offline can be found here.

"We are actively working to establish a timeline for service restoration, and will promptly share this information once it's available," the library says.

Corrections

  • This article previously stated the cyberattack happened on Oct. 27. In fact, the incident started on Oct. 28.
    Nov 24, 2023 5:00 AM ET