Cybersecurity Incident FAQ
- What happened?
-
On October 28, 2023, TPL was the victim of a cybersecurity incident. A large number of files stored
on a TPL file server were stolen. We have confirmed that this incident was perpetrated by cyber criminals. We are aware that stolen
data connected to this incident may be published on the dark web (a part of the internet that is not
accessible except through a special browser) and are currently evaluating the affected data. Having
received guidance from third-party experts and legal counsel, the TPL Board determined it would not
pay a ransom. TPL branches remain open, and we are working on full service restoration.
- What data was exposed in the cybersecurity incident?
-
At this point in our investigation, we believe current and former staff employed by Toronto Public
Library and the Toronto Public Library Foundation from 1998 are impacted. Information related to
employees was likely taken, including their name, social insurance number, date of birth and home
address. Copies of government-issued identification documents provided to TPL by staff were also likely taken.
Our cardholder and donor databases are not affected. However, some customer, volunteer and donor data
that resided on the compromised file server may have been exposed. It will take us time to analyze
the data to determine who is affected and how. We will continue to be transparent and notify those
affected as appropriate and in light of our findings.
- How does TPL know data was exposed?
-
As part of an ongoing investigation, we have confirmed there has been data exposure with the support
of third-party experts.
- How did the cybersecurity incident happen?
-
We are currently investigating and have not yet determined how the incident occurred.
- Why didn’t you announce the data theft earlier?
-
We announced the data theft immediately after it was confirmed.
- Why didn’t TPL pay the ransom?
-
While payment would likely prevent immediate publication of stolen data on the dark web, TPL could
not treat the data as recovered and we could not guarantee that affected individuals are not at
continued risk. TPL would also face criticism for contributing to ransomware crime.
- What is the dark web?
-
The dark web is a part of the internet that is not accessible except through a special browser.
- Are TPL customers affected by the incident?
-
Our cardholder and donor databases are not affected. However, some customer, volunteer and donor data
that resided on the compromised file server may have been exposed. It will take us time to analyze
the data to determine who is affected and how. We will continue to be transparent and notify those
affected as appropriate and in light of our findings.
- What action should customers take?
-
None at this time. Impacted customers will be notified and supported as needed.
- Are former TPL employees affected by the incident?
-
At this time, we have determined that staff employed by Toronto Public Library and the Toronto Public
Library Foundation from 1998 are impacted.
- What actions should former employees take?
-
Affected former employees should contact TPL at employee.support@tpl.ca to request their credit
monitoring code and instructions.
- How long will it take to analyze the stolen data? When can others who may be affected expect to be notified?
-
Right now, we can say that we will proceed expeditiously but the analysis may take months.
- What can I do to protect myself?
-
Everyone should, as always, be on guard for suspicious communications and should regularly check
their financial statements for suspicious transactions.
- I have questions about the incident. Who should I contact?
-
- Current and former employees: employee.support@tpl.ca
- Customers: cyberincident.support@tpl.ca
- Media: media@tpl.ca