Cyber Incident Victim: Pierce County Library System
Date:
Apr 2025
Location:
United States of America
Summary
The Pierce County Library System reported a cybersecurity incident after detecting unusual activity, leading to a network shutdown and the theft of some library data. Officials said an outside entity gained unauthorized access, and the institution is working with cybersecurity experts and law enforcement while restoring services and notifying affected individuals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 21, Pierce County Library System technology staff detected unusual and potentially malicious activity on the network and, as a precaution, shut down all computer‑network systems. The shutdown was announced by communications manager Somer Hanson, who stated that the library system had been the target of a cybersecurity event and that some library data had been taken. Hanson noted that an outside entity had gained unauthorized access to the PCLS network, though she could not share further details at that time. The library system promptly engaged cybersecurity experts, including the Multistate Sharing and Analysis Center, and notified law enforcement agencies because the incident was characterized as a ransomware event and therefore a criminal act. An initial systems investigation was launched, which ultimately lasted about three weeks and involved examining over a thousand individual systems, servers, software components, and databases to scan for malware, identify any data removal, and trace the attacker’s steps to determine the scope of the breach.
As a result of the shutdown, the library’s online catalog, physical self‑checkout stations, book‑club kits, and certain online resources became unavailable to the public. The library advised patrons to retain any checked‑out books or other materials until further notice. Despite the disruption, library branches remained open, meeting rooms continued to be available, and both in‑person and virtual events proceeded as scheduled. Patrons could still borrow physical books, while access to computers and printers was limited. The library also maintained availability of museum passes and Check Out Washington passes during the outage. Hanson emphasized that the library minimizes the amount of personal information collected from users, a practice intended to limit potential exposure.
Throughout the incident, Hanson communicated that details of the information accessed remained unknown and were still under investigation, with a commitment to notify any individuals whose personally identifiable information was affected. The library provided regular updates via its website, indicating that significant progress had been made in the secure restoration of systems and that full restoration was expected soon. Hanson thanked the public for their patience and affirmed the library’s dedication to enhancing security measures and protecting personally identifiable information. No further specifics about the data compromised or the exact timeline for complete service recovery were disclosed at the time of the updates.