B.C. library co-op seals leak after hacker obtained data, demanded ransom
Advertisement
Read this article for free:
or
Already have an account? Log in here »
To continue reading, please subscribe:
Monthly Digital Subscription
$0 for the first 4 weeks*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*No charge for 4 weeks then price increases to the regular rate of $19.00 plus GST every four weeks. Offer available to new and qualified returning subscribers only. Cancel any time.
Monthly Digital Subscription
$4.75/week*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $19 plus GST every four weeks. Cancel any time.
To continue reading, please subscribe:
Add Free Press access to your Brandon Sun subscription for only an additional
$1 for the first 4 weeks*
*Your next subscription payment will increase by $1.00 and you will be charged $16.99 plus GST for four weeks. After four weeks, your payment will increase to $23.99 plus GST every four weeks.
Read unlimited articles for free today:
or
Already have an account? Log in here »
Hey there, time traveller!
This article was published 03/05/2024 (581 days ago), so information in it may no longer be current.
VICTORIA – A hacker demanded ransom money after obtaining data from a server used by libraries throughout British Columbia, but a system manager who responded to the incident saysthe leak was limitedand the issue was fixed immediately.
Scott Leslie is the privacy and security officer for the B.C. Libraries Cooperative and says they received an email from the hacker on April 19 claiming to have taken “sensitive” information and threatening to release it if the co-op didn’t pay.
He says the co-op investigated and found some users’ email addresses and phone numbers had been taken, but the hacker didn’t have as much data as they claimed.
Leslie says the co-op didn’t respond and didn’t send any ransom money, though it received several additional emails from the hacker.
The Cariboo Regional District issued a statement on Friday saying its library was among those affected by the data breach, which involves users who received automated notifications from the library system between March 27 and April 19.
Leslie would not say approximately how many email addresses and phone numbers were compromised.
The actual contents of any emails were not part of the breach, he adds.
The B.C. Library Cooperative provides a system used by libraries throughout the province, but Leslie says he doesn’t believe the data hack was specifically targeted.
“This was a case of someone scanning for a known vulnerability, found one and then proceeded to exploit it,” he said in an interview on Friday. “In fact, looking at the evidence that the attacker sent of a public page where they were posting other such attacks, it was clear they were indiscriminate in who they were attacking.”
Leslie says the co-op is reviewing its policies and taking steps to ensure such a cybersecurity incident won’t happen again.
The statement from the co-op issued Monday said the breach affected a new server containing “minimal data.”
“Our best estimation is that the main potential use of the stolen data could be to assist with future spear-phishing attacks,” it says.
The hack is the latest in a series of cybersecurity incidents, including a breach that has shut down London Drugs stores since Sunday, and attacks on other libraries, including the Toronto Public Library last October.
“Regardless of any limitations on data breached, we regret this breach happening at all,” says the statement from the co-operative.
The Cariboo Regional District says the co-op could not provide a list of affected email addresses, so it had posted a notice on its website.
It said the Office of the Information and Privacy Commissioner would also be notified of the breach.
Gerald Pinchbeck, communications manager for the district, said they want library users to understand that they may be targeted by further phishing attacks.
This report by The Canadian Press was first published May 3, 2024.