Oregon State University’s Library Web Site Hacked InfoDocket 19th May 2015
An attack on the University of London Computer Centre blocked users from accessing Moodle, which the ULCC hosts, a number of university and education related websites were brought down, including the Universities UK website and the European library. “Cyber-attack leaves millions of British students without access to online services” IN RT.com 21st May 2015
File made accessible on network
Concordia University (Canada) discovers security incident SC Magazine 25 March 2016
Snooping devices found in Cheshire library computers, BBC News Online, 8th February 2011
Diego State University, May 2014 SEE San Diego State University acknowledges data breach IN eSecurity Planet May 29 2014
An employee in the HR department of the Library of Congress stole information on 10 library employees, January 2009 SEE Format-preserving encryption: a help but not a panacea by Jeremy Phillips, 5th January 2009
Denial of service attack
DDOS attacks (these are becoming a routine strategy used by cybercriminals intent on committing fraud or extortion) (July 2016 the Library of Congress was the target of a DDOS attack which affected library operations including internal websites and employee email – see US Congress websites recovering after three-day DDoS attack Graham Cluley security website July 20th 2016).
St Louis City Public Library victim of ransomware attack (Source: KMOV January 19 2017). The attack affected 700 devices and all electronic functions, including public computers, catalog search, and circulation, for days.
US libraries hit by ransomware attack http://www.bbc.co.uk/news/technology-38731011 BBC News Online January 24th 2017
Recent DHHS data breach triggers cybersecurity concerns by Ella Nilsen December 29 2016
article says “A former patient at New Hampshire’s state psychiatric hospital used a computer in the hospital library to access information of about 15,000 individuals who received department services”.
Police investigate report of stolen E.C library data (2011 story) http://www.nwitimes.com/news/local/lake/east-chicago/police-investigate-report-of-stolen-e-c-library-data/article_08e43a65-d4a2-5971-a803-2fb90cdfd06f.html
Vendor data breaches
Reed Elsevier – owner of LexisNexis – said that social security numbers, drivers license information and addresses of 310,000 people may have been stolen (New York Times, April 13th 2005)
Bloomberg (there were reports in 2013 that reporters at Bloomberg News used a function that tracks how recently a client has logged in as a way of generating story leads about personnel changes) IN Privacy breach on Bloomberg’s data terminals, New York Times, 11th May 2013
Adobe (in the Autumn of 2014 there were a number of reports that Adobe Digital Editions was sending back to the Adobe servers in plain (unencrypted) text details including a list of books read. The Overdrive / Amazon tie in led to accusations of their library lending program as being ‘anti-user, anti-intellectual freedom, anti-library’ and says that libraries have been ‘screwed‘. Concerns over the data about library users’ borrowing practices being in the hands of a corporation. IN ZDNet, October 21st 2011
A laptop that was either lost or stolen (Library Systems and Services LLC, made public in December 2012 SEE Privacy Rights Clearinghouse, December 19th 2012)
Dow Jones customer data exposed in cloud error http://thehill.com/policy/cybersecurity/342333-dow-jones-customer-data-exposed-in-cloud-error