In its latest update about the ransomware attack that took out its tech systems and services last month, the Seattle Public Library said Thursday that the personal information of some staff members was compromised.
“We have become aware of a very small number of library staff members whose personal information was downloaded during the attack,” the library said in a post on the Shelf Talk Blog, where it has been providing progress reports about its recovery from the cybersecurity incident. “We have notified these employees directly and have provided supportive resources, including a 24-month membership to a credit and identity monitoring service.”
The library added that if finds that additional staff members’ or patrons’ personal information was downloaded, it will notify those individuals.
The information breach was detected this week as the library worked to restore staff access to its network, which it said could provide “the foundation needed to restore other public services in coming weeks.” Those services include access to patron accounts, the library’s catalog, public Wi-Fi, printing and computers.
Laura Gentry, head of communications for SPL, told GeekWire this week that in order to protect the integrity and effectiveness of the library’s response to the incident, it cannot provide additional details about the threat actor or the nature of the attack at this time.
“We continue to investigate what happened, identify affected data, and strengthen the security of the library,” Gentry said. “All of this work takes care and time, and we expect the investigation to take several more weeks — we want to do this right and provide patrons with accurate and appropriate information.”
The library, with 27 branches across Seattle, said it expects to have more information next week about the timeline and order of recovery for services that are still offline. A list of services that have been restored so far, such as e-books, is available here.
Previously: Why did ransomware hackers target Seattle Public Library?
