All Calgary Public Library locations remain closed Saturday after a cybersecurity breach compromised at least some of its systems.
The library shut down all of its physical locations Friday at 5 p.m. as a proactive measure to mitigate the potential impact of the hack, a spokesperson said.
On Sunday morning, a spokesperson told CBC News there was no update on the status of the hack.
Tom Keenan, a professor in the School of Architecture, Planning and Landscape at the University of Calgary, told CBC News public institutions such as libraries are a logical target for cyber criminals.
“Almost everybody has a library card, it’s free in Calgary, so there’s a big database of people they can get,” Keenan said.
“And think about it. When you got your library card, what did you tell them? Your name, maybe your address, your email address. So there’s a rich amount of data there and the bad guys go looking for things like that.”
Keenan said criminals can use stolen information from hacks such as this one for identity theft, and leverage that information to target people with specific, personalized scams.
“Think about your borrowing history. I’m sure the library knows what books you took out,” he said. “Maybe you took out a whole bunch of books on Hawaii recently. Somebody could target you with a scam for a fake flight to Hawaii.”
When hackers steal data, there’s a chance their goal is to extort the victim into paying a ransom to retrieve what they lost, according to Keenan. He said the targets of these types of cyberattacks, known as ransomware, should never give in to hackers’ demands for payment.
LISTEN | What companies can do to get the upper hand:
Cost of Living11:21To pay or not to pay
London Drugs is the latest Canadian company to get hit by an international gang of cyber criminals. It’s not paying the ransomware demands. And now the hacker gang is releasing the stolen data on the Dark Web. Paul Haavardsrud talks to cybersecurity expert Kim Zetter about whether the good guys will ever get the upper hand on the hackers.
He said library users whose information may have been stolen should watch out for strange emails, especially from unexpected sources, and beware of any messages they get — including ones that suspiciously contain information about books they recently took out from the library.
“Don’t click on attachments if you don’t know where they come from. Be very skeptical,” he said. “That’s the way people typically get into systems — they phish you with an email, you click on the attachment, all of a sudden, your computer is infected.”
In 2023, a cyberattack on the Toronto Public Library paralyzed its computer systems for months. Keenan said hopefully Calgary’s libraries can avoid a similar disastrous situation.
“The Toronto Public Library is the horror show. They were closed for four months, people returning books which were piling up because they had no way to deal with it. Hopefully, that’s not going to happen in Calgary,” he said.
“This should be a wake up call that they better raise their IT security budget.”
Whitney Evans, a PhD student at the University of Calgary, said she frequents Calgary Public Library locations to study for hours at a time.
She said she didn’t give the library any information that isn’t already available publicly, so she isn’t concerned about being targeted by scammers.
But she is disappointed the location nearest her home is closed.
“I’m a little bummed, I had to lock up my bike and then unlock it, and now I’m going back home and figuring something else out,” Evans told CBC News. “But I hope they can figure it out. We love the library.”