Cyber Incident Victim: Seattle Public Library
Date:
May 2024
Location:
United States of America
Summary
A ransomware attack disrupted the Seattle Public Library's technology systems, causing widespread service outages including online catalog access, public computers, in-building Wi-Fi, digital collections like e-books and e-audiobooks, and account management functionalities. Physical branches remain open with manual checkout processes for materials, though patrons cannot place new holds and are advised to retain borrowed items until systems are restored. The organization engaged third-party forensic experts and law enforcement, taking all systems offline to investigate and mitigate the incident. No estimated recovery timeline has been provided, but the library confirmed paused digital holds will retain patron queue positions and overdue fines are waived during the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Seattle Public Library experienced a ransomware attack that disrupted its technology systems beginning in the early morning hours of Saturday, May 25, 2024. The incident occurred one day before the Library had planned to take systems offline for scheduled Memorial Day weekend maintenance on a server. Upon detecting the cybersecurity event, the Library immediately took all systems fully offline to contain the threat, engaged third-party forensic specialists, and notified law enforcement. The attack impacted access to staff and public computers, the online catalog and loaning system, e-books, e-audiobooks, in-building Wi-Fi, the Library’s website (spl.org), digital databases, newspaper access, printing/copying services, Museum Pass, and the "Your Next 5 Books" recommendation service. Physical locations remained open during normal operating hours, with patrons able to check out physical materials using paper forms if they presented their physical library card or card number. Manual hold pickups continued for items already on shelves, though new holds could not be placed.
The Library confirmed all e-book and e-audiobook holds were paused effective May 31, assuring patrons they would retain their queue positions without penalty. Due dates for physical materials were extended indefinitely with no late fines, though returns could not be processed. Internal investigations focused on determining the attack’s source and scope while prioritizing the security of patron and employee data. No estimated restoration timeline was provided as of the latest update on June 2, though the Library committed to incremental service recovery announcements via its ShelfTalk Blog, social media channels, and website. The incident mirrored global trends of ransomware attacks targeting library systems, as seen in prior breaches at the British Library and Toronto Public Library. Operational impacts included suspended public computers, disabled Wi-Fi, and staff reliance on manual processes for basic services. Summer hours adjustments announced for June 20 and the Green Lake Branch renovation schedule proceeded independently of the cybersecurity response.