May 3, 2024
24-09
Integrated Library System impacted by data breach
Williams Lake, BC – The Cariboo Regional District has been informed that the integrated library system (Sitka) of the Cariboo Regional District Library Network was recently impacted by a data breach.
On April 25, 2024, our ILS (integrated library system) provider, the BC Libraries Cooperative, (the Co-op) notified us that they had experienced a security incident. The data breach impacted users of several library networks which use the ILS system, operated by a third-party service provider. The BC Libraries Cooperative has released a statement about the incident on its website: https://bc.libraries.coop/news/cyber-security-incident-april-19/.
Log files on their servers were compromised that contained the email addresses and phone numbers of patrons who had received automated notifications from the library system (i.e., checkout notices, overdue notices, hold notifications) between March 27 and April 19.
This is the limit of what was obtained – patron email addresses or phone numbers and nothing else.
The leaked information is limited to any notifications sent between March 27 and April 19 through email or SMS text, and is limited to only the email address or phone number the notification was sent to. The content of the notifications was NOT leaked. The leaked data does not say what the notifications were about, and it does NOT reveal any other information about patrons or their library use, such as checkouts and holds.
The Co-op informed us that the exploit which allowed the attacker to gain access to this log file was closed on April 19, 2024. The Co-op is not able to provide a specific list of affected emails, and therefore we are required to take an Indirect Method of contact with our patrons. We have placed a notice on our website and have also linked to that notice from within the affected software, describing the extent of the breach and steps patrons can take to help combat any potentially resulting spam or phishing attempts. The Office of the Information and Privacy Commissioner will also be notified of the breach, as required by the Freedom of Information and Protection of Privacy Act.
We want to reassure all library patrons that the Cariboo Regional District and the Cariboo Regional District Library Network will not contact you by unsolicited email or text messages to demand an online payment, request personal information, or to obtain sensitive information. The Library Network’s system will contact you only in one of two circumstances:
The Canadian Centre for Cyber Security has several resources available that seek to educate others about cybersecurity risks, including those presented by phishing scams. They have recommended several ways you can protect yourself and your information, including:
Anyone with questions about the data breach and any appropriate measures that are being taken to protect the information of library patrons can contact the Manager of Library Services at 1-800-665-1636 or by email to mailbox@cariboord.ca. For more information on how to protect yourself from phishing scams, you can also visit the Canadian Centre for Cyber Security’s website: https://www.cyber.gc.ca/en/guidance/dont-take-bait-recognize-and-avoid-phishing-attacks