Notification of ILS Security Breach

Image: 

Notification of Privacy Breach

     On April 25, 2024, our ILS (integrated library system) provider BC Cooperative notified us that they had experienced a privacy breach. Log files on their servers were obtained that contained the email addresses and phone numbers of patrons who had received automated notifications from the library system (i.e., checkout notices, overdue notices, hold notifications) between March 27 and April 19.
     Only the email addresses of people who received notifications (or the phone number of people who received SMS notifications) were leaked. The content of the notifications was NOT leaked. The leaked data does not say what the notifications were about, and it does NOT reveal any other information about patrons or their library use, such as checkouts and holds. We regret this happened and are working with the software provider to ensure this issue is resolved and does not occur again.
     It is our understanding that the most likely risk from this information leaking is it being used to generate spam or phishing messages. We highly recommend you refer to https://antifraudcentre-centreantifraude.ca/scams-fraudes/phishing-hameconnage-eng.htm for more information.
In addition, it may increase the likelihood of spear phishing messages – messages pretending to be from a person or system you are known to communicate with. Please know that the library will NEVER ask you for your password nor any other sensitive email like social insurance or banking information, nor ask for funds from you.
     If you receive any message that appears to be from the library but is asking for any of these things, do not hesitate to follow up by calling us directly at 250-627-1346 if you are at all unsure of its truthfulness.

Joe Zelwietro
Chief Librarian, Prince Rupert Public Library