Offline
Why would someone hack hospitals...
Offline
Yeah really eh? They should be putting their energy into radio stations.
Offline
Two thoughts....
i) Is it really / truly hacked or did it become inoperable due to a maintenance routine (or lack thereof)?
I know of a few issues last weekend where the main website was based on WordPress and while WordPress itself was not the issue, some of the "3rd party" site "looks" or "themes" were... A lot of issues with WordPress are due to vulnerabilities with the 3rd party looks / themes... they are regularly attacked as security weaknesses are targeted and compromised.
ii) Maybe it is just someone or a group trying to see what they can do? Kind of a "test run" before they go after bigger fish....?
Offline
So that they pay the ransom to have their data unlocked.
TPL has a budget of ~200 million and 2,500 employees. It's a pretty big fish
Online!
Whoever the culprit is, I hope they throw the book at him.
Offline
Glen Warren wrote:
Two thoughts....
i) Is it really / truly hacked or did it become inoperable due to a maintenance routine (or lack thereof)?
I know of a few issues last weekend where the main website was based on WordPress and while WordPress itself was not the issue, some of the "3rd party" site "looks" or "themes" were... A lot of issues with WordPress are due to vulnerabilities with the 3rd party looks / themes... they are regularly attacked as security weaknesses are targeted and compromised.
ii) Maybe it is just someone or a group trying to see what they can do? Kind of a "test run" before they go after bigger fish....?
Offline
still not totally back to regular operations
Offline
betaylored wrote:
still not totally back to regular operations
It's taking longer than Rogers.
Offline
Whatever the reason is for the library being down, I sure hope it gets fixed soon! I am lost without my books!!
Online!
Greg Brady was talking about this on Tuesday, saying they'd suffered a ransomware attack and still have not been able to get fully back online, almost two weeks later. If that's true, it doesn't appear they've paid the hackers, if they're still down all this time later.
How ironic - the one thing you can't hack is a printed book!
Offline
No end in sight.
Offline
Looks like employee information was compromised. No ransom was paid.
Offline
I use the library a lot and it hasn't affected me except for looking up their digitized newspaper editions from way, way back in time and searching for a physical book I wanted. I just finished an audio book and took out an e-book yesterday without any problem. It's a pain if anyone is looking for a book that is physically in the library system but not if it's on the virtual side (unless it's newspapers).
The Toronto library online is broken up into several independent segments and some look like they're contracted out, so that's why the entire system wasn't compromised. As for why it was hacked, it's probably a ransomware attack because they don't store a lot of info other than name, address and email. If it's employee information, that's another story because it involves SINs and compensation as well which is great for identity theft.
I think they should have been far more transparent than they were about the nature of the attack. I was sick of being kept in the dark. Libraries usually don't have the stringent security that we find in corporate environments but some parts of their system were more robust than others.
Last edited by SpinningWheel (November 14, 2023 9:00 pm)
Offline
RadioActive wrote:
Greg Brady was talking about this on Tuesday, saying they'd suffered a ransomware attack and still have not been able to get fully back online, almost two weeks later. If that's true, it doesn't appear they've paid the hackers, if they're still down all this time later.
How ironic - the one thing you can't hack is a printed book!
What's also ironic is that the part of the system where you ordered books or arranged to transfer them from other locations is still offline, while e-books and audio books are fine. The latter is probably under another system. It looks like it's contracted out.
Offline
SpinningWheel wrote:
while e-books and audio books are fine. The latter is probably under another system. It looks like it's contracted out.
Yes, like most libraries who make such agreements, these "multimedia" materials are provided by third-party content providers like Naxos, Flipster, Hoopla, Kanopy, Overdrive, Pressreader, etc. They are not housed on any TPL server cloud or on-prem infrastructure.
Offline
Won't be back till January
Offline
To answer the question "Why would someone hack the Toronto Library" - low hanging fruit? It's a large institution with a budget in the hundreds of millions of dollars but not one managers would think requires the level of security that other government (or commercial) institutions would have so it's a soft target. I expect just as universities (and now hospitals) have tightened up their cybersecurity after a number of high profile cyberextortion incidents, libraries will now have to invest money doing this.
Offline
Since libraries do not generally compete with one another, and generally collaborate (inter-library loans etc), you'd think digitization and electronic communications would be tasked to a library association to come up with and support a platform. Keeping iron walls between organizations' private parts, of course, but doing things like building templates, system design, training network admins, having specialists on hand, etc. Same should go for hospitals, etc.
Maybe it's indeed already done along these lines...
Offline
And then there's personal and financial information to be gained with hacking from those who have TPL library cards and have used debit/credit cards in the past to pay for overdue fines, photocopies or those nifty canvas tote bags.
Last edited by betaylored (November 24, 2023 3:19 pm)
Offline
January is here and it's still down
Offline
cash wrote:
January is here and it's still down
The most relevant link for new updates is the landing page at:
They've mentioned the "later in January 2024" timeframe they reference for a while now, but these things can, unfortunately, take some time.
Offline
It's back after four months. This George Harrison bio is the first book I ordered:
Last edited by cash (March 4, 2024 6:48 pm)