Toronto Zoo reports being hit by ransomware attack
Learn More
The Toronto Zoo has experienced a ransomware attack since early Friday, which has affected certain operations but not compromised animal care or support systems. During the recovery period period, the zoo has warned that customer response times may be affected.
The zoo, which remains open and continues to process online ticket orders, is actively investigating the impact of the cyber incident on guest, member, and donor records. While clarifying that they do not store credit card information, they have reported the incident to the Toronto police and are working closely with the city's Chief Information Security Office and external cybersecurity experts to manage the situation.
The attack is the latest in a series of cybersecurity incidents targeting public organizations in Canada, including the LCBO, multiple Ontario hospitals, and the Toronto Public Library.
Update - on 17th of January 2024 the Toronto Zoo reported that the cyberattack compromised personal information of current, former, and retired employees dating back to 1989. Exposed data includes
- earnings,
- social insurance numbers,
- birthdates,
- contact details and addresses.
The zoo is offering complimentary two-year credit monitoring to those impacted and is continuing its investigation.
As of 1st of March 2025, the Toronto Zoo has issued a "final notification" regarding the ransomware attack, revealing that visitor and member transaction data spanning more than two decades was "taken and leaked" on the dark web.
Tthe compromised information includes data for all guests and members who purchased general admission or memberships between 2000 and April 2023:
- First and last names
- Street address information (in some cases)
- Phone numbers (in some cases)
- Email addresses (in some cases)
- Last four digits of credit card numbers (for transactions between January 2022 and April 2023)
- Associated credit card expiration dates (for transactions between January 2022 and April 2023)
Beyond personal information, the zoo revealed it has also lost "decades" of wildlife conservation research data as a result of the attack.
The Akira ransomware operation has claimed responsibility for the breach. According to Akira's claims, they exfiltrated approximately 133GB of files from the zoo's compromised file server, including database backups, ticket information, and other user data. As of early February, the cybercrime group is distributing a torrent file containing multiple archives comprising over 35GB of this data.
