Cyber Incident Victim: Contra Costa County Library
Date:
Jan 2020
Location:
United States of America
Summary
The Contra Costa County Library System experienced a ransomware attack causing network outages that disrupted services across all 26 branches, though physical checkouts remained possible with library cards. Officials took affected servers offline, restored partial functionality, and maintained regular branch operations while collaborating with law enforcement and IT experts to investigate. While the library collects patron information such as names, addresses, and birth dates, it confirmed no storage of Social Security numbers or credit card data and had previously purged driver’s license details; it stated no evidence of compromised personal data and emphasized its patron database server remained unaffected. Virtual platforms like Discover & Go and Overdrive continued operating normally during the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 3, 2020, the Contra Costa County Library System experienced a ransomware attack that disrupted operations across all 26 library branches. The attack caused widespread network outages, preventing patrons from accessing online services, including library account logins. Initial public notifications via Facebook and the library’s website on January 3 informed users of the outage, advising them to bring physical library cards for material checkouts. Library officials confirmed the incident was under investigation but could not immediately determine the scope of data exposure or the attackers’ methods. By evening, Contra Costa County Supervisor John Gioia characterized the event as a "serious and criminal matter," acknowledging ongoing efforts to assess potential data compromises while assuring the public of protective measures. The library’s technical response included taking affected servers offline, which partially restored some services by January 3, allowing branches to remain open as scheduled.
Library administration, led by County Librarian Melinda Cervantes, collaborated with law enforcement and IT specialists to investigate the attack and prevent recurrence. A public statement clarified that while the library collected patron names, addresses, phone numbers, email addresses, and birth dates, it did not store Social Security numbers, credit card information, or driver’s license data—the latter having been purged from records in 2019. Officials asserted no evidence indicated compromise of patron data, noting the server housing library card accounts and transactions remained unaffected. Despite this, the library advised vigilance in monitoring personal information. Critical digital services like Discover & Go and Overdrive remained operational during the outage. Patrons were directed to contact library administrative staff for service-related inquiries, with restoration timelines unspecified as of the last update. The incident occurred shortly after the library completed a major website and catalog overhaul, though no direct link between the upgrade and the attack was confirmed.