Cybersecurity Update: Wednesday, November 29
This update provides more information about the cybersecurity incident that we first announced on October 28, 2023, the day it first came to our attention. It has been a very challenging time, and we are deeply sorry for the concern it has caused. It is so unfortunate that data security and ransomware incidents are becoming increasingly common, and that public sector organizations including hospitals, schools and libraries – all dedicated to the betterment of the community – are being targeted.
We sincerely thank all staff who have been working tirelessly to address the impact of this incident and prepare for the restoration of library services, and all our customers for their patience and support.
We have also been working with third-party cybersecurity experts to address this issue, and have reported the breach to the Information and Privacy Commissioner of Ontario. A report has also been filed with Toronto Police Service.
Although our investigation is continuing and will continue for some time, we are now able to explain more.
Regrettably, the criminals that compromised our network did steal a large number of files from a file server. We did not pay a ransom. We are aware that stolen data connected to this incident may be published on the dark web, which is part of the internet that is not accessible except through a special browser. We are currently evaluating the affected data and can share some preliminary conclusions.
Initial Update on Stolen Data
At this point in our investigation, we believe current and former staff employed by Toronto Public Library (TPL) and the Toronto Public Library Foundation (TPLF) from 1998 are impacted. Information related to these individuals was likely taken, including their name, social insurance number, date of birth and home address.
Copies of government-issued identification documents provided to TPL by staff were also likely taken.
Our cardholder and donor databases are not affected. However, some customer, volunteer and donor data that resided on the compromised file server may have been exposed. It will take us time to analyze data to determine who is affected and how. We will continue to be transparent and notify those affected as appropriate and in light of our findings.
What’s Next
Given the nature of the information exposed and to give peace of mind, TPL is offering two years of complimentary credit monitoring to current and past TPL and TPLF employees.
All current employees will receive a notification letter by mail. Current employees who have not received this letter by the end of November are asked to send an email to employee.support@tpl.ca.
We encourage you to read our Frequently Asked Questions (PDF) for more information.
We have already made improvements to our network security, and when the investigation is complete, we will respond to findings in a manner that better protects us from the very significant data privacy and cybersecurity risks faced by public institutions today.
If you have additional questions, contact:
Current and former employees: employee.support@tpl.ca
Customers: cyberincident.support@tpl.ca
Media: media@tpl.ca