Toronto Zoo is the latest public institutionhit by cybersecurity attack. Here's what it means for you

As the list of municipal, health and other public institutions hit by cyber attacks over the past several months grows, cyber security experts say nowis a good timeto check up onthe safety of your personal information.

The Toronto Zoo announced Monday it's been hit by a ransomware attack, less than three months after the Toronto Public Library announced it was the victim of a cyber attack.

The zoo says it detected the attack on Jan. 5 andis now investigating "the impact, if any, to our guests, members and donor records."

CBC Toronto asked security experts aboutwhat people should keep in mind right now.

What to look out for

David Shipley, CEO of the Canadian company Beauceron Security, says things look relatively low risk in terms of the sensitivity of the zoo's patron data so far, but it could be months before the full impact is seen.

"These types of things are like oil spills, the mess gets made and takes a long time to clean up," he said."The [patrons and donors] are like the innocent penguins that have got to get scrubbed down it's not one and done."

The zoo says it doesn't have any credit card information stored on hand, but Shipley warns bad actors may try to use thesetypes of situations to get people to hand over more information.

He says people should be on alert for potential fraudulent phishing emails impersonating the Toronto Zoo. Bad actors may try to get you to click on malicious links to steal your information and misdirect funds, he says.

He also warns that bad actors can pieceinformation about a person togetherto build a more complete picture, which can then be used for fraud.

His advice is to change your passwords regularly and monitor your credit and banking records to avoid being a victim.

"Be proactive, not reactive," he said.

Claudette McGowan, CEO of the cybersecurity company, Protexxa, says it's "early days" for the zoo'scyber attack and new information about what's been impacted or accessed sometimes only comes to light later. She says zoo members should stay vigilant and look outfor updates.

She says vendors who have worked with the zoo in any way should also be on alert.

Attacks on the city could become more serious

Shipley says municipalities and health-care systems are increasingly the target of attacks, and that disruption to our technological systems can be deadly.

If water treatment or wastewater or other critical emergency services like 911 were hit, he says Toronto could be in a very bad situation.

Shipley says no Canadian municipality is ready for a major attack of that nature, but the city is better resourced to handle cyber attacks than most, with a robust police force and the Office of the Chief InformationSecurity Officer (CISO), which was created in 2019, trying to tackle cyber security threats.

The zoo confirmedit'sworking with CISOand the Toronto police to respond to the attack.

"Municipalities have a treasure trove of information as we know, and if we don't do our job protecting it, people's information and our ability to deliver services is at risk," said Toronto city manager Paul Johnson.

Johnson saysthe city is trying to bring moreof its boards, commissions and agencies under the city's cyber security umbrella, rather than having them operateindependently in this area.

CISOhas been working with the city's technology services division to "set standards for technology and cyber best practices and ensure compliance across all city divisions," according to city spokesperson Russell Baker.

The city has not said if the attack on the zoo and the Toronto Public Library are related.

Municipalities 'being clobbered': cyber security expert

McGowan says people should askquestions about whether governments and organizations conductcyber security drills andhow their information is protected. Doing so, she says,will push organizations to do more to protect information.

"I am certainly an advocate for speaking up more," she said.

Shipley says the city and its entities like the zoo are doing a good job by being transparent aboutattacks and by not storing credit card information itself, but agrees there is more work to do.

The city says it spent approximately $38 million on cyber security in 2023, but Shipleybelieves it deserves more funding given threats are increasing.

"Municipal government is the government you interact with the most, that sometimes has some of your most sensitive information financially, or whatnot," Shipley said."And they are just actually being clobbered."

He says voters showing they care will make cyber security a priority for governments.

"Until we all exercise our agency on that side, we're going to hear about these stories more and more, and we're going to see more and more impactful breaches that have consequences for all of us," he said.