Cyber Incident Victim: Daviess County Public Library

The Daviess County Public Library in Kentucky experienced a ransomware attack on or around Sunday, May 5, 2019, which disrupted library operations and forced a multi-day closure. The attack compromised library systems, preventing normal access to patron accounts and transaction records. By May 7, library staff initiated a three-day recovery effort focused on restoring functionality while the facility remained closed to the public through at least Thursday, May 9. Director Erin Waller confirmed the activation of backup systems to rebuild infrastructure, though the attack created significant operational gaps requiring manual reconciliation. Staff prioritized inventory assessments to identify materials checked out or returned during the disruption period starting from the attack date.

The incident necessitated comprehensive repairs to damaged systems alongside updates to patron account data that could not be processed during the outage. Library services were suspended entirely during the closure, directly impacting community access to resources and materials. Recovery efforts centered on verifying transactional records for accuracy, as the ransomware encryption likely prevented real-time tracking of loans and returns after the initial compromise. While backups enabled partial restoration, staff conducted manual audits to resolve discrepancies in circulation data accumulated between May 5 and the restoration period. The library’s response emphasized operational continuity through system repairs while addressing patron service interruptions caused by the forced closure. No further details regarding the ransomware variant, financial demands, or data exfiltration were disclosed in available reporting.