Cyber Incident Victim: Anne Arundel County Public Library
Date: Sep 2018
Location: United States of America
Summary
A self-propagating Emotet banking Trojan infected nearly 600 staff and public computers at Anne Arundel County Public Library, potentially impacting approximately 5,000 patrons who used the compromised systems. The malware, delivered via spam emails containing malicious Word documents, led to increased spam activity and unauthorized reboots across devices, though no stored customer data from library databases was confirmed stolen. Patrons were advised to monitor for misuse of sensitive information entered on affected machines, as Emotet is known to exfiltrate financial credentials, personally identifiable information, and proprietary data. The library responded by implementing enhanced network-wide behavioral threat detection systems and conducting staff cybersecurity training to improve threat identification.
Description
On September 17, 2018, Anne Arundel County Public Library systems experienced a cybersecurity incident involving the Emotet banking Trojan. The malware was discovered on October 4 after library employees observed a significant increase in spam emails to their work accounts in late September, followed by unexplained reboots of staff computers. These disruptions subsequently spread to public-access computers across library facilities. Forensic analysis confirmed the presence of Emotet, a self-propagating malware strain known for credential theft and financial data exfiltration. Approximately 600 staff and public computers were compromised. While the library's central databases remained secure, the infection created risks for nearly 5,000 patrons who had used affected public terminals during the exposure window, particularly those who entered sensitive information like credit card details or Social Security numbers on compromised machines.

The library initiated containment measures upon detection, including system-wide malware removal and network security enhancements. Officials publicly disclosed the breach on October 8, advising potentially impacted patrons to monitor their financial accounts for suspicious activity. As a corrective action, the institution implemented a new enterprise-grade antivirus system capable of detecting behavioral anomalies across the network, supplementing traditional signature-based scanning. Concurrent staff training programs were developed to improve threat recognition and response times. Malware analysis traced the infection vector to malicious Word documents distributed via spam emails, consistent with Emotet's typical propagation methods. The Trojan's capabilities included harvesting login credentials, personally identifiable information, and payment card data from infected systems, posing secondary risks of identity theft and financial fraud beyond the immediate operational disruption to library services.
