The Toronto Public Library (TPL) recently confirmed a severe security breach resulting from a ransomware attack in October.
The attackers, believed to be Black Basta members, targeted a file server and stole a significant amount of sensitive information on TPL and Toronto Public Library Foundation (TPLF) employees dating back to 1998.
Extent of Compromised Data
Based on Bleeping Computer's investigation, the stolen data includes personal details such as names, social insurance numbers, dates of birth, and home addresses. Additionally, copies of government-issued identification documents provided by staff were likely accessed.
While cardholder and donor databases remain unaffected, customer, volunteer, and donor data on the compromised server may have been exposed.
Since then, TPL has taken a proactive stance, refusing to pay any ransom demands. The library is collaborating with external cybersecurity experts to thoroughly investigate the incident.
To ensure transparency and compliance, TPL reported the breach to Ontario's Information and Privacy Commissioner and filed a report with the Toronto Police.
Impact on Canada's Largest Public Library System
As the largest public library system in Canada, TPL operates on a budget exceeding $200 million, serving a membership base of 1,200,000 registered individuals across 100 branch libraries. The breach has raised concerns about the potential impact on the library's vast user community.
"The threat group's prolific targeting of at least 20 victims in its first two weeks of operation indicates that it is experienced in ransomware and has a steady source of initial access," the Department of Health and Human Services security team said in March.
Black Basta Ransomware Gang
While TPL has not officially attributed the attack to a specific ransomware group, evidence suggests the involvement of the Black Basta ransomware gang. This conclusion is based on a photo of a ransom note displayed on a TPL workstation during the attack.
Black Basta emerged in April 2022 as a Ransomware-as-a-Service (RaaS) operation. It gained notoriety for double-extortion attacks on various corporate entities. Believed to be a splinter group from the Conti ransomware gang, Black Basta has displayed a high level of sophistication and is possibly linked to Russian-speaking cyber threat groups like FIN7.
TPL took swift action to contain the attack, shutting down internal systems to prevent further malware spread.
The full extent of the data breach and its implications for affected individuals are yet to be disclosed.
Outside Canada, Black Basta has also drawn the attention of the Chilean government. The Record reported that the group attacked the digital infrastructure of its agencies.
Elsewhere, Perry Johnson & Associates, a healthcare firm in the US, suffered a cyberattack. In that incident, unknown threat actors stole data belonging to roughly nine million users.