B.C. libraries have been targeted by a hacker who demanded a ransom or they would release user data that includes the phone numbers and email addresses of some clients.
Scott Leslie, the privacy and security officer for the B.C. Libraries Cooperative and says they received an email from the hacker on April 19 claiming to have taken 香蕉视频直播渟ensitive香蕉视频直播 information and threatening to release it if the co-op didn香蕉视频直播檛 pay.
He says the co-op investigated and found some users香蕉视频直播 email addresses and phone numbers had been taken, but the hacker didn香蕉视频直播檛 have as much data as they claimed.
Leslie says the co-op didn香蕉视频直播檛 respond and didn香蕉视频直播檛 send any ransom money, though it received several additional emails from the hacker.
The Cariboo Regional District (CRD) says its library was among those involved, and data was obtained about users who received automated notifications from the library between March 27 and April 19.
The CRD says it was notified on April 25 by the BC Libraries Cooperative that the CRD香蕉视频直播檚 integrated library system - named Sitka - had been accessed by a hacker on April 19. While no passwords or content data were stolen, the hacker had access to the e-mail addresses and phone numbers of a number of automated notification patrons.
These patrons could now be open to phishing attempts. The CRD reminded the public in a press release on Friday, May 3 that they and the CRDLN 香蕉视频直播渨ill not contact you by unsolicited email or text messages to demand an online payment, request personal information or to obtain sensitive information.香蕉视频直播
Library services will only contact patrons to provide a receipt for borrowed materials, to let them know that an item they requested is available, and to send reminders to return overdue items.
In a release issued on April 29, the BC Libraries Cooperative said the hacker, who claimed to be a security researcher, contacted them and tried to 香蕉视频直播渆xtort payment for data they had exfiltrated from their servers, threatening to release the data if we did not pay.香蕉视频直播
The cooperative said that the hacker had 香蕉视频直播渁ccessed log file data from a new logging server that the co-op had just implemented on our new cloud hosting infrastructure香蕉视频直播 which gave them access to the log files that contained the emails and phone numbers.
Leslie would not say approximately how many email addresses and phone numbers were compromised. The actual contents of any emails were not part of the breach, he added.
The B.C. Library Cooperative provides a system used by libraries throughout the province, but Leslie says he doesn香蕉视频直播檛 believe the data hack was specifically targeted.
香蕉视频直播淭his was a case of someone scanning for a known vulnerability, found one and then proceeded to exploit it,香蕉视频直播 he said in an interview on Friday. 香蕉视频直播淚n fact, looking at the evidence that the attacker sent of a public page where they were posting other such attacks, it was clear they were indiscriminate in who they were attacking.香蕉视频直播
Leslie says the co-op is reviewing its policies and taking steps to ensure such a cybersecurity incident won香蕉视频直播檛 happen again.
The statement from the co-op issued Monday said the breach affected a new server containing 香蕉视频直播渕inimal data.香蕉视频直播
香蕉视频直播淥ur best estimation is that the main potential use of the stolen data could be to assist with future spear-phishing attacks,香蕉视频直播 it says.
The hack is the latest in a series of cybersecurity incidents, including a breach that has shut down London Drugs stores since Sunday, and attacks on other libraries including the Toronto Public Library last October.
香蕉视频直播淩egardless of any limitations on data breached, we regret this breach happening at all,香蕉视频直播 the co-operative statement says.
The CRD provided some advice from the Canadian Centre for Cyber Security, which had several resources available to educate people about cybersecurity breaches 香蕉视频直播 including verifying links, filtering spam mail, blocking 香蕉视频直播渂ad香蕉视频直播 IP addresses and backing up their information.
While the library co-op has managed to fix the openeing that allowed the hacker access, it cannot provide a 香蕉视频直播渟pecific list of affected e-mails.香蕉视频直播 The CRD said that anyone who has further questions or questions about what the CRDLN is doing to protect the 香蕉视频直播渋nformation of library patrons香蕉视频直播 can contact the CRD香蕉视频直播檚 Manager of Library Services at 1-800-665-1636 or by email at mailbox@cariboord.ca.
The CRD plans to inform the Office of Information and Privacy Commissioner of this data breach as required by the Freedom of Information and Protection of Privacy Act.
香蕉视频直播 with a file from Canadian Press
READ MORE:
