Toronto Public Library confirms data stolen in ransomware attack

The Toronto Public Library confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack. According to TPL, the attackers stole "a large number of files from a file server" containing data of Toronto Public Library and the Toronto Public Library Foundation employees, going back to 1998. "Information related to these individuals was likely taken, including their name, social insurance number, date of birth and home address. Copies of government-issued identification documents provided to TPL by staff were also likely taken," the library said in an update to its incident report. "Our cardholder and donor databases are not affected. However, some customer, volunteer and donor data that resided on the compromised file server may have been exposed." The library has yet to disclose what customer data was stolen and how many customers were affected by the data breach. As Canada's largest public library system, TPL operates on a budget exceeding $200 million, has a membership base of 1,200,000 registered individuals, and provides access to 12 million books across 100 branch libraries throughout the city. While the library hasn't yet attributed the attack to a specific ransomware operation, BleepingComputer has learned that the Black Basta ransomware gang was behind the October 28 attack after seeing a photo of a ransom note shown on a TPL workstation. As a TPL employee told BleepingComputer, the attack occurred overnight on October 27, disrupting numerous services by Saturday morning. We were also told that the attack had minimal impact on TPL's email services and didn't affect the library's phone system. The organization's primary servers were also not encrypted, hinting at the possibility that the Black Basta operators didn't have full access to the library's networks and data. As a precautionary measure to prevent the spread of the malware, TPL shut down all other internal systems after the attack was detected. Black Basta emerged as a Ransomware-as-a-Service operation in April 2022, with double-extortion attacks targeting many corporate entities. After the Conti ransomware gang stopped operating in June 2022 following a sequence of humiliating data breaches, the cybercrime syndicate fragmented into smaller factions, one of which is presumed to be Black Basta. "The threat group's prolific targeting of at least 20 victims in its first two weeks of operation indicates that it is experienced in ransomware and has a steady source of initial access," the Department of Health and Human Services security team said in March. "The level of sophistication by its proficient ransomware operators, and reluctance to recruit or advertise on Dark Web forums, supports why many suspect the nascent Black Basta may even be a rebrand of the Russian-speaking RaaS threat group Conti, or also linked to other Russian-speaking cyber threat groups." MGM Resorts ransomware attack led to $100 million loss, data theft. Motel One discloses data breach following ransomware attack. Maine govt notifies 1.3 million people of MOVEit data breach. McLaren Health Care says data breach impacted 2.2 million people. Kyocera AVX says ransomware attack impacted 39,000 individuals.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Toronto Public Library confirms data stolen in ransomware attack

Toronto Public Library outages caused by Black Basta ransomware attack - The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across ...
11 months ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
Toronto Public Library confirms data stolen in ransomware attack - The Toronto Public Library confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack. According to TPL, the attackers stole "a large number of ...
11 months ago Bleepingcomputer.com
Toronto Zoo: Ransomware attack had no impact on animal wellbeing - Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations. The zoo said it doesn't store any credit card information and is also ...
9 months ago Bleepingcomputer.com
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
11 months ago Bleepingcomputer.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
9 months ago Bleepingcomputer.com
British Library: Ongoing outage caused by ransomware attack - The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations. Over 11 million visitors use the library's website annually, with more than 16,000 people using its collections ...
11 months ago Bleepingcomputer.com
Toronto Zoo says it remains open after ransomware attack - The Toronto Zoo said Monday evening that it was responding to a ransomware attack detected on January 5. The organization said its staff immediately began an investigation into the incident once it was discovered. The zoo welcomes more than 1.2 ...
9 months ago Therecord.media
DP World confirms data stolen in cyberattack, no ransomware used - International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. The company says no ransomware payloads or encryption was used in the attack. On November ...
11 months ago Bleepingcomputer.com
Rhysida ransomware gang claims British Library cyberattack - The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage. Rhysida is auctioning off the data it reportedly stole from the United Kingdom's national library ...
11 months ago Bleepingcomputer.com
Ontario public library shuts down most services due to cyberattack - A popular library in Ontario, Canada was forced to shut down most of its services this week due to a cyberattack - the latest library to face issues after hackers infiltrated its systems. The London Public Library, which services the Canadian city's ...
10 months ago Therecord.media
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
11 months ago Bleepingcomputer.com
Toronto Public Library 'remains a crime scene' after ransomware attack - The Toronto Public Library is still in the process of recovering from a ransomware attack that limited its offerings and required wholesale changes to how the organization runs. Toronto City Librarian Vickery Bowles published a lengthy note on ...
10 months ago Therecord.media
'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
11 months ago Therecord.media
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
11 months ago Bleepingcomputer.com
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
4 months ago Bleepingcomputer.com
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
4 months ago Bleepingcomputer.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
7 months ago Bleepingcomputer.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
9 months ago Securityboulevard.com
Toyota confirms breach after Medusa ransomware threatens to leak data - Toyota Financial Services has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is ...
11 months ago Bleepingcomputer.com
Cold storage giant Americold discloses data breach after April malware attack - Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. Americold employs 17,000 people worldwide and ...
10 months ago Bleepingcomputer.com
Qilin ransomware claims attack on automotive giant Yanfeng - The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, one of the world's largest automotive parts suppliers. Yanfeng is a Chinese automotive parts developer and manufacturer focused on interior ...
11 months ago Bleepingcomputer.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
10 months ago Feeds.fortinet.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
9 months ago Unit42.paloaltonetworks.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)