Cyber Incident Victim: Library and Archives Canada
Date:
Dec 2023
Location:
Canada
Summary
A cyber incident caused a major system outage at the London Public Library, disrupting electronic borrowing, website access, and branch operations—forcing three locations to close temporarily. The institution relied on social media for public updates while experts investigated the disruption, with full restoration expected to take significant time. While operational impacts included suspended WiFi and limited in-person services at open branches, the incident also raised concerns about potential data compromise, referencing a separate Toronto Public Library attack where employee personal information was stolen but no ransom paid.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyber incident caused a major system outage at the London Public Library beginning on the morning of December 13, 2023, disrupting electronic borrowing services and forcing the library’s website offline. The outage required three branches—Carson, Glanworth, and Lambeth—to close entirely, while other branches maintained limited operations offering in-person borrowing only. Library CEO Michael Ciccone confirmed the disruption stemmed from a cybersecurity incident but declined to specify its nature or origin, noting experts were actively investigating the scope and impact. The library relied exclusively on social media channels to communicate updates to patrons due to the website outage, though Ciccone acknowledged the limitations of this approach for reaching all users. Public Wi-Fi services across all branches remained unavailable during the incident, further restricting access for patrons dependent on library connectivity. No timeline for full restoration of systems was provided, with Ciccone stating recovery would "take some time" and committing to ongoing public updates as information became available.
The London incident followed a similar cybersecurity attack on the Toronto Public Library (TPL) disclosed on October 28, 2023, which also caused prolonged system outages and service disruptions. TPL confirmed attackers exfiltrated sensitive employee data—including names, birthdates, Social Insurance Numbers, and residential addresses—though the institution refused ransom demands. Both libraries faced operational paralysis affecting digital lending platforms, public access systems, and internal administrative functions, though neither organization disclosed technical details about attack vectors or threat actors. The London incident differed in its immediate branch closures, whereas TPL maintained physical site accessibility despite digital service interruptions. No evidence suggested the incidents were directly linked, though both highlighted vulnerabilities in public library infrastructure. Restoration efforts remained ongoing in Toronto at the time of London’s outage, illustrating the protracted recovery timelines characteristic of such attacks.