Last month, a hacker contacted the B.C. Libraries Co-operative and attempted to extort payment by threatening to release user data stolen from their servers. The co-operative provides library systems for multiple institutions throughout British Columbia.
What Data Was Breached?
The hacker accessed log file data from the co-operative’s new cloud hosting infrastructure. Upon review, they determined that “minimal data” was obtained from their email server, including:
- Information indicating emails were sent between addresses, but not email content
- No passwords were stolen
Despite claims of “minimal data” breached, the co-operative stated “we regret this breach happening at all.”
Potential Phishing Schemes The co-operative believes the stolen email metadata could be used for phishing schemes by pretending to send emails from known contacts to victims. Phishing is a form of cyber attack where hackers impersonate legitimate organizations to trick people into sharing sensitive information like passwords and credit card numbers.
Other Recent Cyberattacks This breach is the latest in a string of cybersecurity incidents hitting organizations in British Columbia and across Canada, including:
- London Drugs stores closed after a “cybersecurity incident”
- Toronto Public Library cyberattack in October 2022
The Cariboo Regional District library was among those affected by the B.C. co-operative breach. User data was obtained for patrons who received automated notifications between March 27th and April 19th.
Reporting the Breach The B.C. Libraries Co-operative has stated they will notify the Office of the Information and Privacy Commissioner regarding the data breach, as required.
