Libraries in British Columbia have been targeted by a hacker who threatened to release user data if a ransom was not paid.
The B.C. Libraries Co-operative said in a statement Monday that on April 19 it was contacted by a hacker “attempting to extort payment” using private information taken from its servers.
The co-operative provides library systems for multiple institutions around the province.
It said the hacker had accessed log file data from its new cloud hosting infrastructure and, upon review, “minimal data” from its email server was obtained.
“We determined that no passwords nor any content of emails (neither subject lines nor message contents) were stolen,” the statement said.
London Drugs stores across Western Canada were suddenly closed on Sunday after the company said it was a “victim of a cybersecurity incident.” Cybersecurity expert Francis Syms explains what challenges the company could be dealing with.
The hacker was able to get information indicating that emails had been sent from one address to another, but without knowing the content, it added.
“Regardless of any limitations on data breached, we regret this breach happening at all,” the co-operative statement says.
The statement said the co-operative believes the emails were to be used in phishing schemes by pretending to send emails to people from known contacts.
It said the Office of the Information and Privacy Commissioner would be notified of the breach.
The hack is the latest in a series of cybersecurity incidents, including a breach that has shut down London Drugs stores since Sunday, and attacks on other libraries including the Toronto Public Library last October.
The Cariboo Regional District said its library was among those involved, and data was obtained about users who received automated notifications from the library between March 27 and April 19.
It said it was informed of the breach last week by the B.C. Libraries Co-operative.
The district said the co-operative could not provide a list of the affected emails, so it had reached out indirectly to library users through a notice on its website.