Data breaches


Wyoming’s statewide catalog WYLDCat was hacked, potentially leading to personal information being accessed during the data breach SEE Hackers breach Wyoming library system IN Washington Times November 8 2014 Hackers breach Wyoming library system
Hacker hits NC community college system (2009) – affected 51,000 library users at 25 campuses


An attack on the University of London Computer Centre blocked users from accessing Moodle, which the ULCC hosts, a number of university and education related websites were brought down, including the Universities UK website and the European library. “Cyber-attack leaves millions of British students without access to online services” IN 21st May 2015


File made accessible on network

Trinity Librarian sent out an email informing students that a file containing student and staff names, addresses, ID numbers and email addresses was inadvertently made accessible on the college network, and that it was there for over a year and a half. “Data breach at Trinity College Dublin” IN 29th April 2011

Keystroke logging

Concordia University (Canada) discovers security incident SC Magazine 25 March 2016

Snooping devices found in Cheshire library computers, BBC News Online, 8th February 2011

Misconfigured database

Diego State University, May 2014 SEE San Diego State University acknowledges data breach IN eSecurity Planet May 29 2014

Insider threat

An employee in the HR department of the Library of Congress stole information on 10 library employees, January 2009 SEE Format-preserving encryption: a help but not a panacea by Jeremy Phillips, 5th January 2009

Denial of service attack

DDOS attacks (these are becoming a routine strategy used by cybercriminals intent on committing fraud or extortion) (July 2016 the Library of Congress was the target of a DDOS attack which affected library operations including internal websites and employee email – see US Congress websites recovering after three-day DDoS attack Graham Cluley security website July 20th 2016).

St Louis City Public Library victim of ransomware attack (Source: KMOV January 19 2017). The attack affected 700 devices and all electronic functions, including public computers, catalog search, and circulation, for days.

US libraries hit by ransomware attack BBC News Online January 24th 2017


Recent DHHS data breach triggers cybersecurity concerns by Ella Nilsen December 29 2016
article says “A former patient at New Hampshire’s state psychiatric hospital used a computer in the hospital library to access information of about 15,000 individuals who received department services”.

Police investigate report of stolen E.C library data (2011 story)

Library patrons in 10 Western Wisconsin counties affected in data breach

Vendor data breaches

Reed Elsevier – owner of LexisNexis – said that social security numbers, drivers license information and addresses of 310,000 people may have been stolen (New York Times, April 13th 2005)

Bloomberg (there were reports in 2013 that reporters at Bloomberg News used a function that tracks how recently a client has logged in as a way of generating story leads about personnel changes) IN Privacy breach on Bloomberg’s data terminals, New York Times, 11th May 2013

Adobe (in the Autumn of 2014 there were a number of reports that Adobe Digital Editions was sending back to the Adobe servers   in plain (unencrypted) text details including a  list of books read. The Overdrive / Amazon tie in led to accusations of their library lending program as being ‘anti-user, anti-intellectual freedom, anti-library’ and says that libraries have been ‘screwed‘. Concerns over the data about library users’ borrowing practices being in the hands of a corporation. IN ZDNet, October 21st 2011

A laptop that was either lost or stolen (Library Systems and Services LLC, made public in December 2012 SEE Privacy Rights Clearinghouse, December 19th 2012)

Dow Jones customer data exposed in cloud error