Personal info, including staff social insurance numbers, stolen in Toronto library cyberattack

The Toronto Public Library (TPL)says personal information including the names, birthdays,social insurance numbers and home addresses of employees was stolen in a ransomware attack that has also affected key library services.

In an updated statement on the cybersecurity breach, the library saida large number of digital files were stolen from a server targeted in the Oct.28attack.

Those files included key personal information of current and former employees of both TPL and the Toronto Public Library Foundation dating back to 1998. Copies of government-issued identification documents related to those staff members were also likely taken, according to the statement.

"We are aware that stolen data connected to this incident may be published on the dark web, which is part of the internet that is not accessible except through a special browser," the update reads.

The library added that cardholder and donor databases were not impacted bythe hack.

"However, some customer, volunteer and donor data that resided on the compromised file server may have been exposed. It will take us time to analyze data to determine who is affected and how," the statement says.

TPL says it will offer two years of free credit monitoring services to staff whose personal information was stolen.

'A very challenging time'

The library first announced it was the victim of a "cybersecurity incident" on Oct. 28, the day it became aware of the attack. It did not pay a ransom to recover the stolen material.

It has been working with third-party experts to address the breach, and reports were filled with the Toronto Police Service and the Information and Privacy Commissioner of Ontario.

"It has been a very challenging time, and we are deeply sorry for the concern it has caused," the statement says.

"It is sounfortunate that data security and ransomware incidents are becoming increasingly common, and that public sector organizations including hospitals, schools and libraries all dedicated to the betterment of the community are being targeted."

Some services still down

A number of widely-used services are still unavailable following the ransomware attack. The library says its website, online user accounts, map passes and digital collections are still down, while public computers and printing services at branches are unavailable.

Branches are open as scheduled, and materials can still be borrowed, returned or renewed.

A full breakdown of what services are still accessible and those that remain offline can be found here.

"We are actively working to establish a timeline for service restoration, and will promptly share this information once it's available," the library says.