Seattle Library Ransomware Attack Expected to Cost $1 Million, Officials Announce
The Seattle Public Library is grappling with the aftermath of a significant ransomware attack that occurred over Memorial Day weekend, leading officials to anticipate recovery expenditures reaching $1 million by the close of 2024.
Short Summary:
- Ransomware attack forced complete shutdown of library services across all locations.
- Total recovery costs expected to hit $1 million, funded by the library’s 2024 budget.
- Library officials working diligently to restore services while ensuring data security.
The Seattle Public Library (SPL) continues to recover from a debilitating ransomware attack that took its systems offline on Memorial Day weekend. During a recent board of trustees meeting, Rob Gannon, the library’s Director of Administrative Services, revealed that the total cost of recovery from this cyber incident is projected to reach $1 million by the end of 2024. This financial burden will be shouldered entirely by the library’s budget for the upcoming year, as their expenses will not meet the $1 million deductible of the city’s cyber liability insurance policy. “We know that data has left the library,” Gannon emphasized, recognizing that a thorough investigation is ongoing to determine the extent of any personal data stolen during the breach.
“We do not have any even early indication about the extent of personal information that may have been compromised,” Gannon added.
The attack disabled internet access, public computers, and in-person checkouts across all 27 library branches in Seattle, forcing staff to act swiftly to mitigate further disturbance. Upon realizing the cyberattack was underway, SPL officials engaged third-party cybersecurity experts, collaborated with law enforcement, and took immediate steps to shut down their systems. This proactive measure was crucial in preventing further breaches and data losses.
Laura Gentry, a spokesperson for the library, stated that while they managed to restore some functionalities quickly, many digital services remain dramatically impacted. “As you likely saw, we were able to bring back our website overnight and a few digital services, but there is a lot that is still impacted we continue to work on, including e-book access, computers, Wi-Fi, printing and more,” Gentry reported.
As the investigation continues, Gannon provided insights into the monetary implications resulting from the attack. Costs related to external consulting firms are expected to account for roughly $800,000, with additional IT expenses tallying around $200,000. The library’s leadership is optimistic that resources saved during the hiring freeze this year will help manage these expenses without affecting staffing levels.
“What we are focused on is securing and restoring our systems,” the library’s blog said.
Despite the significant challenges posed by the cyberattack, SPL staff rallied to keep physical library locations open for patrons. However, they had to revert to manual checkouts during the initial recovery phase, coping with a landscape largely devoid of digital interface. Tom Fay, Chief Librarian of SPL, commented on the resilience of staff, noting that their organization prides itself on being solution-oriented, even without advanced technological support.
In the wake of the attack, staff members creatively adapted to the situation, crafting manual processes to ensure services could continue with minimal disruption. “You can imagine the amount of communication that needed to go out when we had to say, ‘We’re going to a manual process…,’” Fay recounted. Staff had to handwrite book IDs, titles, and borrower information, transferring this data to online spreadsheets as technology was restored.
For the library community, the cyberattack was not an isolated incident—similar attacks have targeted public libraries in other cities including Toronto and Boston. This has raised concerns about the cybersecurity landscape impacting crucial public resources. Reflecting on this worrying trend, Fay noted, “We were fortunate in that we had been doing a lot of work hardening systems beforehand…
In response to heightened cybersecurity threats, the Seattle Public Library has taken proactive measures to fortify its systems ahead of any potential future attacks. Charles Wesley, the library’s technology officer, has expressed a belief that the library is now in a more advantageous position to confront such threats. “Not only did this resolve the Crowdstrike outage, but it also further accelerated our recovery timelines for the cyberattack restoration,” Wesley stated, acknowledging the collaborative efforts from city IT departments.
Meanwhile, while the physical collection of books remains accessible to library patrons, digital services like e-books and online account management remain subdued as the restoration process unfolds. Efforts to maintain uninterrupted access led staff to develop creative solutions, proving the flexibility and dedication of library personnel.
“It’s a small but mighty team that’s had a really big task,” Wesley affirmed.
As part of ongoing efforts to restore services, the library has engaged two specialized consulting firms—Critical Insight and Alvaka—to implement best practices and recovery protocols. Both firms have extensive experience managing ransomware incidents and have worked with library officials to ensure a robust response to the crisis.
Critical Insight is headquartered in Bremerton, WA, and has provided local support, while Alvaka, based in Irvine, CA, has facilitated technical aspects of the restoration process. Additionally, library staff have worked alongside Boston-based Charles River Associates as part of the data forensics investigation.
With various aspects of the library’s digital infrastructure undergoing systematic restoration, SPL expects to see steady advancements in service availability over the coming weeks. Analysts project that the majority of operational capacity will be back to baseline within four to five weeks, allowing patrons to access not only physical but also digital resources effectively. “We are at this stage of our recovery, this quickly, because of the collective efforts, big and small, of many people,” Wesley announced.
This cyber incident has further amplified discussions around the necessity of public sector cyber resilience, urging governments and institutions to reassess their digital safeguards against such malicious assaults. As public libraries play an integral role in community engagement, it is crucial to ensure their security and operational continuity.
In closing, as the Seattle Public Library charts a path forward from this incident, it serves as a sobering reminder of the vulnerabilities within critical infrastructure and the importance of preparedness and response in an increasingly cyber-dependent world. The hope is that through lessons learned, improved best practices can be developed to safeguard against future threats, fostering a fortified digital ecosystem for libraries nationwide.