B.C. libraries have been targeted by a hacker who demanded a ransom or they would release user data that includes the phone numbers and email addresses of some clients.
Scott Leslie, the privacy and security officer for the B.C. Libraries Cooperative and says they received an email from the hacker on April 19 claiming to have taken “sensitive” information and threatening to release it if the co-op didn’t pay.
He says the co-op investigated and found some users’ email addresses and phone numbers had been taken, but the hacker didn’t have as much data as they claimed.
Leslie says the co-op didn’t respond and didn’t send any ransom money, though it received several additional emails from the hacker.
The Cariboo Regional District (CRD) says its library was among those involved, and data was obtained about users who received automated notifications from the library between March 27 and April 19.
The CRD says it was notified on April 25 by the BC Libraries Cooperative that the CRD’s integrated library system – named Sitka – had been accessed by a hacker on April 19. While no passwords or content data were stolen, the hacker had access to the e-mail addresses and phone numbers of a number of automated notification patrons.
These patrons could now be open to phishing attempts. The CRD reminded the public in a press release on Friday, May 3 that they and the CRDLN “will not contact you by unsolicited email or text messages to demand an online payment, request personal information or to obtain sensitive information.”
Library services will only contact patrons to provide a receipt for borrowed materials, to let them know that an item they requested is available, and to send reminders to return overdue items.
In a release issued on April 29, the BC Libraries Cooperative said the hacker, who claimed to be a security researcher, contacted them and tried to “extort payment for data they had exfiltrated from their servers, threatening to release the data if we did not pay.”
The cooperative said that the hacker had “accessed log file data from a new logging server that the co-op had just implemented on our new cloud hosting infrastructure” which gave them access to the log files that contained the emails and phone numbers.
Leslie would not say approximately how many email addresses and phone numbers were compromised. The actual contents of any emails were not part of the breach, he added.
The B.C. Library Cooperative provides a system used by libraries throughout the province, but Leslie says he doesn’t believe the data hack was specifically targeted.
“This was a case of someone scanning for a known vulnerability, found one and then proceeded to exploit it,” he said in an interview on Friday. “In fact, looking at the evidence that the attacker sent of a public page where they were posting other such attacks, it was clear they were indiscriminate in who they were attacking.”
Leslie says the co-op is reviewing its policies and taking steps to ensure such a cybersecurity incident won’t happen again.
The statement from the co-op issued Monday said the breach affected a new server containing “minimal data.”
“Our best estimation is that the main potential use of the stolen data could be to assist with future spear-phishing attacks,” it says.
The hack is the latest in a series of cybersecurity incidents, including a breach that has shut down London Drugs stores since Sunday, and attacks on other libraries including the Toronto Public Library last October.
“Regardless of any limitations on data breached, we regret this breach happening at all,” the co-operative statement says.
The CRD provided some advice from the Canadian Centre for Cyber Security, which had several resources available to educate people about cybersecurity breaches — including verifying links, filtering spam mail, blocking “bad” IP addresses and backing up their information.
While the library co-op has managed to fix the openeing that allowed the hacker access, it cannot provide a “specific list of affected e-mails.” The CRD said that anyone who has further questions or questions about what the CRDLN is doing to protect the “information of library patrons” can contact the CRD’s Manager of Library Services at 1-800-665-1636 or by email at mailbox@cariboord.ca.
The CRD plans to inform the Office of Information and Privacy Commissioner of this data breach as required by the Freedom of Information and Protection of Privacy Act.
— with a file from Canadian Press
READ MORE: London Drugs stores remain closed as firm probes potential data breach