Cyber Incident Victim: London Public Library
Date:
Dec 2023
Location:
Canada
Summary
A cyber incident caused a major system outage at London Public Library, disrupting electronic borrowing, website access, and branch Wi-Fi services while forcing three branches to close temporarily. The library is relying on social media for public updates as experts investigate the incident, though the full impact remains undetermined. In-person borrowing continues at unaffected branches, but system restoration is expected to take significant time.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 13, 2023, the London Public Library experienced a major system outage beginning Wednesday morning that disrupted electronic borrowing services and rendered its website inaccessible. The incident forced three branches—Carson, Glanworth, and Lambeth—to close entirely, while other locations maintained limited operations offering in-person borrowing only. Library CEO Michael Ciccone confirmed the disruption was under investigation as a "cyber incident," though the full scope and origin of the attack remained undetermined at the time of public statements. The outage persisted through at least Thursday, with no restoration timeline provided beyond Ciccone's acknowledgment that recovery would "take some time." Critical public-facing systems including WiFi access at all branches remained non-functional during the initial outage period, significantly reducing service capacity across the library network.
The library resorted to social media platforms as its primary communication channel due to the website outage, using these channels to provide sporadic updates on branch availability and service limitations. Ciccone emphasized the institution's role as a critical community resource while withholding specifics about the nature of the cyber intrusion or potential data compromises. Parallels emerged with an October 28 cybersecurity incident at Toronto Public Library, where attackers exfiltrated employee personal information including Social Insurance Numbers and home addresses, though London officials did not confirm similar data exposure. Technical experts engaged in forensic analysis had not publicly identified whether ransomware or other malware variants caused the disruption, nor did library leadership disclose whether ransom demands were received. Carson, Glanworth, and Lambeth branches remained scheduled for closure through the following week as recovery efforts continued, leaving patrons dependent on alternate branches for physical material access without digital services or connectivity support.