Cyber Incident Victim: Baker & Taylor
Date:
Aug 2022
Location:
United States of America
Summary
A major global library services provider suffered a ransomware attack that disrupted business-critical systems, including servers, phone networks, and office operations. The incident caused prolonged outages across service centers, prompting the organization to engage its IT team and external experts for restoration efforts. While acknowledging the attack's impact on its network, the firm emphasized remediation over negotiation with the perpetrators, indicating no ransom payment. The provider, which supports thousands of public and academic libraries worldwide, prioritized system recovery while maintaining transparency about the ongoing operational challenges stemming from the cyber incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Baker & Taylor, a major global distributor of library content and software, experienced a ransomware attack over the weekend of August 20-21, 2022. The company first acknowledged server outages on August 23, 2022, when it reported disruptions affecting business-critical systems, phone services, offices, and service centers. One day later, Baker & Taylor confirmed the outages would persist throughout the week as technical teams worked to restore impacted infrastructure. On August 29, the company formally attributed the incident to a ransomware attack, stating the breach occurred during the prior weekend and that remediation efforts had been ongoing since detection. The attack caused significant operational disruptions, forcing the organization to prioritize server restoration over normal business functions during the recovery period.
The company mobilized its internal IT team alongside external cybersecurity experts to address the attack, emphasizing continuous restoration efforts rather than ransom negotiations. Baker & Taylor publicly acknowledged falling victim to what it described as an increasing threat facing all organizations, though it did not identify the responsible ransomware group or disclose whether data was exfiltrated. Operational impacts extended to its global customer base of over 5,000 public and academic libraries relying on its distribution services. The firm expressed appreciation for customer patience during the outage but provided no specific timeline for full recovery beyond its ongoing remediation work. Restoration of affected servers remained the primary focus, with no indication of ransom payment or communication with threat actors. The incident highlighted vulnerabilities in critical infrastructure supporting library systems worldwide.