Cyber Incident Victim: BC Libraries Cooperative

Date:

Apr 2024

Location:

Canada

Summary

A security incident occurred when a hacker exfiltrated log file data from a newly implemented logging server within the BC Libraries Cooperative's cloud infrastructure. The compromised logs contained metadata showing email interactions between accounts but did not include passwords, email content, or subject lines. The organization promptly addressed the vulnerability, confirmed no further unauthorized access, and notified affected members. While the stolen data poses a potential risk for future spear-phishing attempts by revealing email relationships, the breach was limited to sender-recipient information. The cooperative emphasized that phishing risks exist independently of this incident and directed members to general cybersecurity guidance.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On April 19, 2024, BC Libraries Cooperative was contacted by an individual claiming to be a security researcher who attempted to extort payment in exchange for not publicly releasing data allegedly exfiltrated from the organization’s servers. The Cooperative confirmed the attacker had accessed log file data from a newly implemented logging server within their cloud hosting infrastructure. This server contained limited operational data related exclusively to their email service. Forensic analysis determined the compromised logs did not include user passwords, email subject lines, message contents, or other sensitive payloads. The breach was confined to metadata revealing instances where one email account communicated with another—specifically documenting that "email account X sent an email to email account Y." The Cooperative emphasized that while the volume of stolen data was minimal, any unauthorized access constituted a privacy breach warranting disclosure.

Immediately upon validating the breach, BC Libraries Cooperative identified and remediated the vulnerability exploited by the attacker, confirming no further unauthorized access occurred. The organization notified all members utilizing its email service about the incident and initiated direct communications with individual services relying on the affected mail server. The primary confirmed risk stemming from the incident involved potential future spear-phishing campaigns, as the exposed metadata could theoretically help attackers impersonate trusted correspondents by referencing legitimate email relationships. The Cooperative underscored that such phishing risks persist irrespective of specific breaches and directed members to existing cybersecurity advisories, including guidance published by the Government of Canada. No operational disruptions, financial losses, or compromises beyond the identified log metadata were reported.