It’s still unclear what caused the cybsercurity breach at the Calgary Public Library.
When John Manning showed up at the Fish Creek branch of the Calgary Public Library on Saturday afternoon, he was surprised to be met by an empty parking lot, a locked door and a sign informing him the facility was closed.
Like many Calgarians who showed up at the southwest branch on Saturday, Manning discovered the Calgary Public Library had experienced a cybersecurity breach on Friday, leading to the closure of all 21 branches.
Manning, who works in IT, said he was concerned upon learning about the security breach.
“I mean, some of your personal information is associated with your library card,” he told Postmedia. “Whether or not that puts you at more risk than other sites that already have your data, I don’t know.
“Working in IT, this sort of thing is part of the landscape now.”
Though the scope and cause of the breach remained unknown, the library closed all of its locations on Friday at 5 p.m., to mitigate the potential impacts. As a result of the incident, “all servers and library computer access will also be turned off,” CPL said in a statement.
The library’s IT security team was working to determine the scope of the breach, the statement said, adding it will continue to provide updates of the closures when more information becomes available.
It did not provide a timeline for when its 21 locations would reopen, and a library spokesperson on Saturday morning told Postmedia the statement from Friday afternoon remained in effect.
An IT security expert said that while details are still scarce, in most cases, cybersecurity breaches of this sort are the result of a phishing email scam.
“We don’t know the exact cause of this one, but far and away, the most common (cause) is a phishing email to an employee who has trusted access to the system,” said Dr. Tom Keenan, a professor at the University of Calgary.
“They click on it, or they click on an attachment (that says) some Saudi prince wants to give them $1 million or they’ve won a contest, and when they click on that email, they’ve basically given over control of the computer to the bad guys, and they’re then able to infiltrate the network.”
In terms of why hackers would target a public library’s computer systems, Keenan mused it could be to exfiltrate the large amount of personal information that libraries keep track of.
“People say why a library? The answer is, just about everyone I know has a library card,” he said.
“There’s a huge population (of users) and you have to think back — what did you give them when you signed up for your library card? At the very least, you probably gave them your name, your email, your phone number and maybe your address and date of birth. The reality is, they now have all that data.”
While cardholder and donor databases were unaffected by the Toronto cyberattack, the Sun reported that some customer, volunteer and donor data on a compromised server may have been exposed.
“We’re certainly hoping this is not a four-month problem here in Calgary,” Keenan said, adding that in Toronto’s case, the library refused to pay the ransom demanded by the hackers.
Identity theft is a common reason why cybercriminals would want to exfiltrate library data, but Keenan noted they could have much more subtle motivations, such as targeting library users with future phishing scams based on their most common reading material.
“The library has to keep track of which books you checked out, because they want them back, and therefore, there’s information in there that could be used against you,” he said.
Another patron who attempted to access the Fish Creek branch on Saturday was Woodlands resident Lynda Wise. An early childhood educator, she was hoping to pick up 10 books about space exploration she had put on hold, to read to her students.
“I received a phone call letting me know my books are ready for pick-up and to pick them up before a certain date, which is today,” she said.
While she had heard about the security breach beforehand, Wise said she figured the incident was limited to the library’s computers.
As a frequent library-goer, she said she hopes the situation can be resolved quickly.
As for how the Calgary Public Library will respond to the security breach, Keenan said IT security professionals usually adhere to what’s called the “3-2-1” rule, whereby three copies of databases are maintained under two different formats, with at least one located offsite, with the organization’s data backed up.
“In a classic ransomware, they encrypt your data so you don’t have it anymore,” he explained. “They shouldn’t have that problem because if they have good IT practices, there would be a copy, maybe not totally up to date, of all their stuff … stored off-site in a place far from the library’s computer.
“Basically what they need to do is restore their database, beef up their security, figure out how this happened … and make it better.”
— With files from Matt Scace and the Toronto Sun