Skip to main content
NewslettersWatchlist
Nearly all Toronto Public Library services restored after cyberattack
Samantha Edwards
Open this photo in gallery:

Toronto Public Library’s website and other services have been unavailable since a ransomware attack on Oct. 28.Chris Young/The Canadian Press

After a cyberattack nearly four months ago, nearly all of the Toronto Public Library services are restored. Accessing personal online accounts, searching the online catalogue, placing and managing holds, and renewing holds are all available again.

In a statement on Nov. 14, the TPL said it believes personal data of current and former employees of TPL and the Toronto Public Library Foundation from 1998 has been stolen and may be published on the dark web. The information “likely taken” includes names, social insurance numbers, date of birth and home addresses. The TPL said that cardholder and donor databases are not affected, however, some information from customers, volunteers and donors may have been exposed.

The TPL said it is working with third-party cybersecurity experts and law enforcement to help resolve the situation.

Here are the services that are currently available and unavailable.

Which services are available?

As of Feb. 29, many services are back online. These services include:

  • Access to personal accounts online
  • Place and manage holds
  • Renew items
  • View borrowing history and saved lists
  • Digital collections
  • Access to public computers at branches

What services are still unavailable?

On Feb. 29, the TPL said it’s working to restore the remaining services still affected by the outage. Those services include:

  • Children’s computers at branches
  • Printing services at branches
  • Passes for museums and art galleries

While some services are unavailable, you will not be charged for holds that aren’t picked up. During the outage, library and digital access cards will not expire.

What do we know about the cyberattack? Was any personal data stolen?

While details about the cyberattack are still coming to light, the TPL confirmed the attack came from the Black Basta group, who demanded a ransom. The library has said it did not pay a ransom.

The TPL has said the personal data of current and former employees dating back to 1998 has been stolen during the attack, including names, social insurance numbers, date of birth and home addresses. The TPL said that cardholder and donor databases are not affected, however, some information from customers, volunteers and donors may have been exposed.

“We are aware that stolen data connected to this incident may be published on the dark web, which is part of the internet that is not accessible except through a special browser,” the TPL wrote in a statement on its website.

When will all services resume?

On Feb. 29, the TPL said in the coming weeks al services will be fully restored.

What has happened to other organizations in similar hacks?

In the past year, several Canadian companies and organizations have been affected by cyberattacks, resulting in the leak of personal information and the loss of millions of dollars.

In February, Indigo was hit by a massive cyberattack that knocked out the bookstore’s entire e-commerce operations and breached sensitive information about current and former employees. The company lost nearly $50-million so far in 2023, which it attributed partly to the cyberattack.

LockBit, a ransomware group and malicious software used to carry out security breaches, was behind the attack. The group was also involved in a ransomware attack that targeted the Weather Network, which took down its operations for several days in September and threatened to leak internal data.

After Toronto’s Hospital for Sick Children was attacked last December, LockBit claimed one of its partners carried out the attack. The group eventually apologized and offered to unlock the targeted data, saying attacks on hospitals violate its rules.

According to Canada’s intelligence agency, the Communications Security Establishment, LockBit was responsible for at least 22 per cent of all attributed ransomware attacks in the country last year, making it the most common digital threat.

More reading:

Have I been hacked? Cybersecurity experts share tips for protecting personal data

Joe Massodi: The threat of ransomware is real. So why are Canadians handcuffing themselves?

With reports from Temur Durrani and Susan Krashinsky Robertson

Report an editorial error

Report a technical issue

Editorial code of conduct

Follow related authors and topics

Authors and topics you follow will be added to your personal news feed in Following.

Interact with The Globe