In its latest update about the ransomware attack that disrupted its tech systems and services last month, the Seattle Public Library announced Thursday that some personal information of staff members was compromised.
“We have become aware of a very small number of library staff members whose personal information was downloaded during the attack,” the library said in a post on the Shelf Talk Blog, where it has been providing updates on its recovery from the cybersecurity incident. “We have notified these employees directly and have provided supportive resources, including a 24-month membership to a credit and identity monitoring service.”
The library added that if it finds additional staff members’ or patrons’ personal information was downloaded, those individuals will be notified.
The breach was detected this week as the library worked to restore staff access to its network, which it said could provide “the foundation needed to restore other public services in coming weeks.” These services include access to patron accounts, the library’s catalog, public Wi-Fi, printing, and computers.
Laura Gentry, head of communications for SPL, told GeekWire this week that to protect the integrity and effectiveness of the library’s response to the incident, no additional details about the threat actor or the nature of the attack can be provided at this time.
“We continue to investigate what happened, identify affected data, and strengthen the security of the library,” Gentry said. “All of this work takes care and time, and we expect the investigation to take several more weeks — we want to do this right and provide patrons with accurate and appropriate information.”
The library, with 27 branches across Seattle, said it expects to have more information next week about the timeline and order of recovery for services that are still offline. A list of services that have been restored so far, such as e-books, is available here.
Previously: Why did ransomware hackers target Seattle Public Library?