
Hacker breaches B.C. library system data, demands ransom

Emails and phone numbers of an unknown number of library users may have been accessed

B.C. libraries have been targeted by a hacker who demanded a ransom or they would release user data that includes the phone numbers and email addresses of some clients.

Scott Leslie, the privacy and security officer for the B.C. Libraries Cooperative, says they received an email from the hacker on April 19 claiming to have taken “sensitive” information and threatening to release it if the co-op didn’t pay.

He says the co-op investigated and found some users’ email addresses and phone numbers had been taken, but the hacker didn’t have as much data as they claimed.

Leslie says the co-op didn’t respond and didn’t send any ransom money, though it received several additional emails from the hacker.

The Cariboo Regional District (CRD) says its library was among those involved, and data was obtained about users who received automated notifications from the library between March 27 and April 19.

The CRD says it was notified on April 25 by the BC Libraries Cooperative that the CRD’s integrated library system - named Sitka - had been accessed by a hacker on April 19. While no passwords or content data were stolen, the hacker had access to the e-mail addresses and phone numbers of a number of automated notification patrons.

These patrons could now be open to phishing attempts. The CRD reminded the public in a press release on Friday, May 3 that they and the CRDLN “will not contact you by unsolicited email or text messages to demand an online payment, request personal information or to obtain sensitive information.”

Library services will only contact patrons to provide a receipt for borrowed materials, to let them know that an item they requested is available, and to send reminders to return overdue items.

In a release issued on April 29, the BC Libraries Cooperative said the hacker, who claimed to be a security researcher, contacted them and tried to “extort payment for data they had exfiltrated from their servers, threatening to release the data if we did not pay.”

The cooperative said that the hacker had “accessed log file data from a new logging server that the co-op had just implemented on our new cloud hosting infrastructure” which gave them access to the log files that contained the emails and phone numbers.

Leslie would not say approximately how many email addresses and phone numbers were compromised. The actual contents of any emails were not part of the breach, he added.

The B.C. Library Cooperative provides a system used by libraries throughout the province, but Leslie says he doesn’t believe the data hack was specifically targeted.

“This was a case of someone scanning for a known vulnerability, found one and then proceeded to exploit it,” he said in an interview on Friday. “In fact, looking at the evidence that the attacker sent of a public page where they were posting other such attacks, it was clear they were indiscriminate in who they were attacking.”

Leslie says the co-op is reviewing its policies and taking steps to ensure such a cybersecurity incident won’t happen again.

The statement from the co-op issued Monday said the breach affected a new server containing “minimal data.”

“Our best estimation is that the main potential use of the stolen data could be to assist with future spear-phishing attacks,” it says.

The hack is the latest in a series of cybersecurity incidents, including a breach that has shut down London Drugs stores since Sunday, and attacks on other libraries including the Toronto Public Library last October.

“Regardless of any limitations on data breached, we regret this breach happening at all,” the co-operative statement says.

The CRD provided some advice from the Canadian Centre for Cyber Security, which had several resources available to educate people about cybersecurity breaches – including verifying links, filtering spam mail, blocking “bad” IP addresses and backing up their information.

While the library co-op has managed to fix the opening that allowed the hacker access, it cannot provide a “specific list of affected e-mails.” The CRD said that anyone who has further questions or questions about what the CRDLN is doing to protect the “information of library patrons” can contact the CRD’s Manager of Library Services at 1-800-665-1636 or by email at mailbox@cariboord.ca.

The CRD plans to inform the Office of Information and Privacy Commissioner of this data breach as required by the Freedom of Information and Protection of Privacy Act.

– with a file from Canadian Press


About the Author: Misha Mustaqeem
