害羞草研究所

Skip to content
  1. Home
  2. News

Hacker breaches B.C. library system data, demands ransom

Emails and phone numbers of an unknown number of library users may have been accessed
Misha Mustaqeem

B.C. libraries have been targeted by a hacker who demanded a ransom or they would release user data that includes the phone numbers and email addresses of some clients.

Scott Leslie, the privacy and security officer for the B.C. Libraries Cooperative and says they received an email from the hacker on April 19 claiming to have taken 害羞草研究所渟ensitive害羞草研究所 information and threatening to release it if the co-op didn害羞草研究所檛 pay.

He says the co-op investigated and found some users害羞草研究所 email addresses and phone numbers had been taken, but the hacker didn害羞草研究所檛 have as much data as they claimed.

Leslie says the co-op didn害羞草研究所檛 respond and didn害羞草研究所檛 send any ransom money, though it received several additional emails from the hacker.

The Cariboo Regional District (CRD) says its library was among those involved, and data was obtained about users who received automated notifications from the library between March 27 and April 19.

The CRD says it was notified on April 25 by the BC Libraries Cooperative that the CRD害羞草研究所檚 integrated library system - named Sitka - had been accessed by a hacker on April 19. While no passwords or content data were stolen, the hacker had access to the e-mail addresses and phone numbers of a number of automated notification patrons.

These patrons could now be open to phishing attempts. The CRD reminded the public in a press release on Friday, May 3 that they and the CRDLN 害羞草研究所渨ill not contact you by unsolicited email or text messages to demand an online payment, request personal information or to obtain sensitive information.害羞草研究所

Library services will only contact patrons to provide a receipt for borrowed materials, to let them know that an item they requested is available, and to send reminders to return overdue items.

In a release issued on April 29, the BC Libraries Cooperative said the hacker, who claimed to be a security researcher, contacted them and tried to 害羞草研究所渆xtort payment for data they had exfiltrated from their servers, threatening to release the data if we did not pay.害羞草研究所

The cooperative said that the hacker had 害羞草研究所渁ccessed log file data from a new logging server that the co-op had just implemented on our new cloud hosting infrastructure害羞草研究所 which gave them access to the log files that contained the emails and phone numbers.

Leslie would not say approximately how many email addresses and phone numbers were compromised. The actual contents of any emails were not part of the breach, he added.

The B.C. Library Cooperative provides a system used by libraries throughout the province, but Leslie says he doesn害羞草研究所檛 believe the data hack was specifically targeted.

害羞草研究所淭his was a case of someone scanning for a known vulnerability, found one and then proceeded to exploit it,害羞草研究所 he said in an interview on Friday. 害羞草研究所淚n fact, looking at the evidence that the attacker sent of a public page where they were posting other such attacks, it was clear they were indiscriminate in who they were attacking.害羞草研究所

Leslie says the co-op is reviewing its policies and taking steps to ensure such a cybersecurity incident won害羞草研究所檛 happen again.

The statement from the co-op issued Monday said the breach affected a new server containing 害羞草研究所渕inimal data.害羞草研究所

害羞草研究所淥ur best estimation is that the main potential use of the stolen data could be to assist with future spear-phishing attacks,害羞草研究所 it says.

The hack is the latest in a series of cybersecurity incidents, including a breach that has shut down London Drugs stores since Sunday, and attacks on other libraries including the Toronto Public Library last October.

害羞草研究所淩egardless of any limitations on data breached, we regret this breach happening at all,害羞草研究所 the co-operative statement says.

The CRD provided some advice from the Canadian Centre for Cyber Security, which had several resources available to educate people about cybersecurity breaches 害羞草研究所 including verifying links, filtering spam mail, blocking 害羞草研究所渂ad害羞草研究所 IP addresses and backing up their information.

While the library co-op has managed to fix the openeing that allowed the hacker access, it cannot provide a 害羞草研究所渟pecific list of affected e-mails.害羞草研究所 The CRD said that anyone who has further questions or questions about what the CRDLN is doing to protect the 害羞草研究所渋nformation of library patrons害羞草研究所 can contact the CRD害羞草研究所檚 Manager of Library Services at 1-800-665-1636 or by email at mailbox@cariboord.ca.

The CRD plans to inform the Office of Information and Privacy Commissioner of this data breach as required by the Freedom of Information and Protection of Privacy Act.

害羞草研究所 with a file from Canadian Press

READ MORE:

Breaking News You Need To Know

Sign up for free account today and start receiving our exclusive newsletters.

Sign Up with google Sign Up with facebook

This site is protected by reCAPTCHA and the Google and apply.

Reset your password

This site is protected by reCAPTCHA and the Google and apply.

A link has been emailed to you - check your inbox.



Don't have an account? Click here to sign up

About the Author: Misha Mustaqeem

Read more

More News

6th annual Rex Gill Memorial Ride cruises through South Okanagan
6th annual Rex Gill Memorial Ride cruises through South Okanagan
B.C. mom shot dead by police was Colombian newcomer: advocacy group
B.C. mom shot dead by police was Colombian newcomer: advocacy group
B.C. clam garden restoration revives millennia-old First Nation food source
B.C. clam garden restoration revives millennia-old First Nation food source
(or

害羞草研究所

) document.head.appendChild(flippScript); window.flippxp = window.flippxp || {run: []}; window.flippxp.run.push(function() { window.flippxp.registerSlot("#flipp-ux-slot-ssdaw212", "Black Press Media Standard", 1281409, [312035]); }); }