Pierce County Library System reports data breach

Pierce County Library System (PCLS) reports a cybersecurity incident in which an unauthorized third party gained access to its network and exfiltrated data. 

The breach was  detected on April 21, 2025, when Information Technology staff observed unusual and potentially malicious activity on the library's computer systems. The IT team shut down all network systems as a precautionary measure.

The library officially confirmed the security incident on May 12, 2025, following a three-week investigation. Security experts from the Multistate Information Sharing and Analysis Center (MS-ISAC), a government cybersecurity organization, were engaged to provide technical support throughout the initial investigation. 

Library officials have characterized the incident as a criminal act and have notified law enforcement.

While the investigation has confirmed that some library data was exfiltrated during the incident. The nature of the attack, types of exposed data and number of affected individuals are not disclosed.

The library has stated that it practices data minimization as a matter of policy, limiting the amount of personal information collected from library users. PCLS has committed to notifying individuals whose personally identifiable information was compromised once those details are established. 

Update - as of 12th of December 2025, Pierce County Library System reports that the attack affected over 340,000 people. Exposed dat includes: 

• Social Security numbers, financial account information and medical data for current and former employees,
• names and dates of birth of library patrons

The attack was claimed by the INC ransomware gang.