Boston Public Library Experiencing Systemwide Technical Outage Due to a Cybersecurity Attack

UPDATES From the Boston Public Library

UPDATE (September 1, 2021)

As the Boston Public Library continues recovery from the August 25th cyberattack that affected many of our systems, we are pleased to share that we have completed restoring key essential business functions, and will be returning additional patron-facing services today.

As of Wednesday, September 1, Boston Public Library patrons will once again be able to: 

• Log into and manage their accounts at bpl.org 
• Stream and download digital items and manage holds in services such as OverDrive/Libby, Hoopla, and Kanopy 
• Reserve museum passes 
• Use other third-party online resources remotely

In-person technology services are returning, including:

• Catalog computers at all locations are online 
• Public WiFi at all locations has been restored 
• Many public computers are back online at all locations  
• Public printing at all locations is back online 
• Self-checkout stations are now online at all locations 

OverDrive/Libby holds were mainly frozen during this outage:  

We are currently working to release holds, which were frozen during the outage. Most users should find their OverDrive/Libby holds still in place, and OverDrive hold notifications are now being sent out.  

However, If patrons discover that they have missed a window to check out a hold on OverDrive/Libby, they can contact websupport@bpl.org with the following details: 

• The title they placed on hold 
• Their library card number  
• The email address at which they were notified that the hold was ready 
• The notice they received from OverDrive, if possible 

As always, users can request help with any other issues at https://www.bpl.org/contact-us/. 

For transactions that took place between the evening of Monday, August 23rd through the end of the day on Tuesday, August 24th: 

As our systems have come back on line, we were not able to recover some data from approximately the evening of Monday, August 23rd at 9pm through the end of the day on Tuesday, August 24th.  This means that:  

• Patrons who had physical library cards issued to them on August 24 will need to bring those cards in so they can be re-activated.   
• Any patron who updated their account between Monday 8/23 at 9PM and Wednesday 4AM will need to log back on and re-enter those changes.

Patrons who returned or checked out physical items during the outage may not see the items reflected on their account immediately. We appreciate your patience as we work to update transactions in our online system that were recorded by hand over the past few days. 

We are continuing to work on restoring eCard registration and services. More information will be coming shortly, specifically for patrons who registered for eCards between August 23-25, or those who are looking to register a new eCard. 

As always, we are grateful for the patience and support of our patrons. We look forward to returning to safe, secure, and complete service soon.   

Source

UPDATE (August 31, 2021)  by Kurt Mansperger, Boston Public Library Chief Technology Office

While our current outage is not yet fully resolved, our team is continuing to rebuild and securely restore our systems, assisted by an expert team of consultants. We are confident that we will be able to begin restoring in-person and online patron-facing services shortly. As of today, Tuesday, staff have begun to use our restored system to begin inputting transactions that were recorded by hand during the outage. 

Our current focus is on restoring our essential library business functions as well as the systems that staff and patrons use online and in person to look up and check out books, eBooks, and other materials. The following phase will be the restoration of public computing and printing systems at all locations. Public WiFi has already been restored.

In addition to our technology partners, we are also working closely with cybersecurity experts and law enforcement. Because of this ongoing investigation, we will continue to limit the level of detail that we share publicly.

We appreciate all the support and patience we have received from our patrons, and we look forward to returning as many services as possible as quickly and safely as possible.

Source
——-

Full Text of Boston Public Library’s Official Statement (August 27, 2021)

On Wednesday morning, 8/25, the Boston Public Library experienced a systemwide technical outage due to a cybersecurity attack, pausing public computer and public printing services, as well as some online resources. Affected systems were taken offline immediately, and proactive steps were taken to isolate the problem and shutdown network communication. There is currently no evidence that sensitive employee or patron data has been disclosed.

The library is working with the Mayor’s Department of Innovation and Technology and law enforcement officials to address the cybersecurity attack. The Library’s IT department is working on restoring all technology services, and in the meantime, all locations will remain open, patrons will still be able to check out books, and some online services remain operational. This is an ongoing situation and the library will update patrons and staff about services and impacts on its website.

“We apologize for any inconvenience this outage may have caused patrons,” said Kurt Mansperger, Chief Technology Officer of the BPL. “Thank you for your patience as our team and law enforcement officials work to restore our digital services and protect the library from future attacks.

Patrons may contact the library with any questions at 617-536-5400 or ask@bpl.org.

OverDrive Update:

We are working to restore login asap. OverDrive will be pausing all existing BPL holds, and will resume them once the technical issue has been resolved.

However, some holds may become available depending on their current status. If you receive an OverDrive notification for a ready hold, or if you lost your chance to check out a hold that became available during the outage, please make a record of it! Save the email or take a screenshot of the app. After logins are restored, if you still have not received your items, you can email that record to overdrive@bpl.org and we will ensure your items are delivered as soon as possible.

Media Coverage

BPL Hit By Ransomware Attack, Shutting Down Most Of Its Computer Network (via Boston Globe)

Boston Public Library Discloses Cyberattack, System-Wide Technical Outage (via Bleeping Computer)

Check BPL on Twitter For Updates

Filed under: Data Files, Libraries, News, Patrons and Users, Public Libraries