Toronto Public Library confirms data stolen in ransomware attack

November 15, 2023 at 02:24PM

The Toronto Public Library (TPL) experienced a ransomware attack in October, resulting in the theft of personal information belonging to employees, customers, volunteers, and donors. The compromised file server contained data dating back to 1998, including names, social insurance numbers, birth dates, home addresses, and government-issued identification documents. The library has reported the incident to authorities and is working with cybersecurity experts to investigate. It has not disclosed the specific customer data stolen or the number of affected customers. The attack was attributed to the Black Basta ransomware gang. TPL’s primary servers were not encrypted, suggesting limited network access for the attackers. Internal systems were shut down as a precaution. Black Basta is a Russian-speaking ransomware group linked to the financially motivated cybercrime group FIN7. They have targeted multiple high-profile victims in recent months.

Key takeaways from the article:

1. The Toronto Public Library (TPL) experienced a ransomware attack in October, resulting in the theft of personal information of employees, customers, volunteers, and donors from a compromised file server.
2. The stolen data includes names, social insurance numbers, dates of birth, home addresses, and copies of government-issued identification documents provided to TPL by staff.
3. The cardholder and donor databases of TPL are unaffected, but some customer, volunteer, and donor data may have been exposed due to the breach.
4. TPL has not paid the ransom demanded by the attackers and is working with external cybersecurity experts to investigate the incident.
5. The breach has been reported to Ontario’s Information and Privacy Commissioner and the Toronto Police.
6. The Black Basta ransomware gang is believed to be responsible for the attack on TPL.
7. TPL’s email services and phone system were minimally impacted by the attack, although some employees experienced difficulty accessing their email accounts.
8. TPL’s primary servers were not encrypted, indicating that the attackers may not have had full access to the library’s networks and data.
9. TPL took precautionary measures to shut down all other internal systems after detecting the attack to prevent further spread of the malware.
10. Black Basta is a Ransomware-as-a-Service (RaaS) operation and has been linked to the FIN7 hacking group.
11. Black Basta has targeted multiple high-profile victims, including the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, Capita, Rheinmetall, and ABB.
