Anne Arundel County Public Library

Anne Arundel County Public Library serves residents of Anne Arundel County, Maryland, as a public library system. Its core function is to provide free access to information and educational resources, which includes offering public computers and internet access to its patrons. This public computing infrastructure is a standard service for modern public libraries, enabling community members to conduct research, apply for jobs, and access digital materials. The library's operational scope is confined to its county jurisdiction, positioning it as a local government-supported institution rather than a regional or national entity. Its primary market is the general public within its service area, with a particular focus on supporting community literacy, lifelong learning, and digital inclusion. The 2018 security incident directly involved these public access computers, confirming their central role in the library's service delivery.

The library experienced a significant cybersecurity incident on September 17, 2018, when a self-propagating Emotet banking Trojan infected approximately 600 staff and public computers. The malware entered the network via spam emails containing malicious Word documents, leading to symptoms like increased spam output and unauthorized device reboots. This breach potentially affected around 5,000 patrons who had used the compromised public machines during the infection window. While the attack did not result in the confirmed theft of stored customer data from library databases, the nature of Emotet meant that any sensitive information, such as financial credentials or personally identifiable details, manually entered on infected terminals was at high risk of exfiltration. In response, the library implemented enhanced network-wide behavioral threat detection systems to identify anomalous activity more proactively. Furthermore, the institution conducted mandatory cybersecurity training for its staff to improve collective threat identification and response capabilities, representing a measured effort to bolster its defensive posture following the incident. This event underscores the vulnerability of public computing resources to sophisticated, self-replicating malware campaigns and the subsequent institutional steps required for remediation and future prevention.