Our Daily Breach: A Canadian Thanksgiving
Of course it was a Canadian breach that took to the time to divulge what really happened.
A year ago today all of public libraries in the city of Calgary, Alberta were suddenly closed without any word on when they'd be back open. The full story has since been removed from their website, but I think it's a shame they buried this. Here's a condensed version of what went down:
October 11, 2024 - Calgary Public Library systems were infected with ransomware. All libraries closed as 5PM until further notice. Microsoft Incident Response team was summoned to help.
A full week later, the library systems were still offline but locations started to open for collection browsing. However, the following services were still not available:
- Book returns (due dates for all borrowed materials will be extended until further notice)
- Technology and digital services, including printing, Chromebooks, computer access, internet, and Wi-Fi.
- Digital Library and eResources, with the exception of Libby and Kanopy
- Programs and events that do require technology, including all virtual programming.
Another week goes by with no updates.
October 29th, 2024 - The investigation summary is published on the libary homepage. They explain that no user data was impacted, the attacker just had monetary demands. The library then took a step further and launched a dedicated static page chronicling their digital recovery:
Because there wasn't enough innuendo in the phrase comeback story, they also had this hero section explaining how they're into analog now:
They add a few more updates in November as they gradually restored services, but they offered a dedicated phone # to answer any questions about this incident.
December 11th, 2024 - Final update. All services restored from the initial ransomware attack.
While this took the Calgary Public Library 3 months to fully recover from this ransomware attack, I can't help but appreciate their transparency in this process. After finding nothing on any of the other publicly traded company breaches I've researched this month, this was refreshing.
As a Quebecois resident, it physically pains me to say this, but... good job Calgary. You got got, but in your incident response was better than I expected for an organization that only gets $34M (CAD) per year in provincial funding.
For perspective, ADT makes $363M per month (USD) in recurring revenue and this is what their homepage looked after their second breach last year:
Even a year ago I would have said "No thanks ADT, I'll pass on your pot de vin, but some updates on how you're handling security would be a real treat". Maybe we'll get lucky and get some updates from these major corporations next year🤞
