Bad News…. Toronto Public Library Confirms That Personal Information Was Swiped When They Got Pwned By Ransomware

A couple of weeks ago, I wrote about the fact that the Toronto Public Library was pwned by ransomware. I’ve been tracking this story since and I haven’t updated you on this despite the fact that they’ve been silent since that went public. Today they said something new, and what they said isn’t good:

At this point in our investigation, we believe current and former staff employed by Toronto Public Library (TPL) and the Toronto Public Library Foundation (TPLF) from 1998 are impacted. Information related to these individuals was likely taken, including their name, social insurance number, date of birth and home address.

Copies of government-issued identification documents provided to TPL by staff were also likely taken.

Our cardholder and donor databases are not affected. However, some customer, volunteer and donor data that resided on the compromised file server may have been exposed. It will take us time to analyze data to determine who is affected and how. We will continue to be transparent and notify those affected as appropriate and in light of our findings.

That’s not good at all. And it seems like a well known threat actor is behind this according to Bleeping Computer:

While the library hasn’t yet attributed the attack to a specific ransomware operation, BleepingComputer has learned that the Black Basta ransomware gang was behind the October 28 attack after seeing a photo of a ransom note shown on a TPL workstation.

As a TPL employee told BleepingComputer, the attack occurred overnight on October 27, disrupting numerous services by Saturday morning.

It will be interesting to see what the Toronto Public Library does from this point onwards given the fact that they now know what’s out there. Will they alert these people? Will they offer free credit monitoring? Those are things that I’ll be looking for in the days and weeks to come.

Leave a Reply

%d bloggers like this: