British Columbia libraries cooperative hit by cyber attack, data breach

The British Columbia Libraries Cooperative (abbreviated as B.C. Libraries Co-Op) was a target of cyber attack. The hackers are threatening to release user data unless the demand was met. The B.C. Libraries Co-op is a collaborative organization that provides support and shared services to member libraries like access to digital content, software, and other operational tools.

The incident ccurred between March 27 and April 19 and was reported on April 19 when the co-op received an extortion email from a hacker claiming possession of "sensitive" information. The co-op chose not to respond or pay any ransom.

The investigation revealed that the hacker had accessed email addresses and phone numbers of library patrons who receive automated notifications from the libraries. The compromised data primarily came from a new logging server implemented by the co-op on their new cloud hosting infrastructure. It was determined that no passwords or email content (either subject lines or message contents) were compromised.

The number of affected individuals is not disclosed.

Scott Leslie, the privacy and security officer for the B.C. Libraries Cooperative, noted that the breach seemed to result from the exploitation of a known vulnerability. The vulnerability was closed and libraries are notifying their patrons.