Skip to content

Canadian Urbanism Uncovered

Spacing investigation: Toronto Public Library ransomware attack, pt. I

A cyber-attack in October, 2023, left Toronto's library system hobbled and users in the dark


Read more articles by

This is a five-part series independently produced and investigated by Spacing

As a parent to a two-year-old, Markus Harwood-Jones made visiting a Toronto Public Library branch an essential mainstay in his week. Several branches near his area offered opportunities to check out toddler-friendly board books and access play spaces. “They’re an absolutely essential space, especially for parents like myself who don’t want to have to spend money every time I want to take my kid somewhere.”

But in late October, Harwood-Jones’ ordinarily pleasant experience with the library began to shift. “There were fewer and fewer books on the shelves.” The gradual disappearance of books from the shelves coincided with a system-wide cyber-attack that hampered functionality across the Toronto Public Library’s 100 branches. The ransomware attack sent shockwaves through library services, disabling the website, rendering library computers, printing and online bookings inaccessible and suspending the system’s ability to process returns.

As shelves grew sparser, Harwood-Jones’ weekly library visits with his child grew less engaging. There were fewer and fewer materials available to check out or use during visits — Harwood-Jones often relies on the library for access to French children’s books that their family doesn’t own. He is also an author, and their latest young adult novel was released during the cyberattack. Although their previous books are stocked at TPL branches, the online outage represented a barrier for those seeking his new book. “You couldn’t even go and search for it or request it. There was no method to do so.”

Then, one day in early February, the full scope of the ongoing cyberattack became starkly apparent. The colourful dragon-shaped children’s bookshelf at the Dufferin St. Clair branch, normally lined with board books, was completely bare.

Harwood-Jones was just one of hundreds of thousands of library users sent into disarray by the ransomware attack. During the nearly five-month disruption, the library developed a million-book backlog. With the hampered system incapable of processing returns, books piled up in trailers and cardboard boxes. Now, as systems get closer to full restoration, books are slowly being returned to shelves — but tough questions remain regarding how North America’s largest library system was left to unravel.

An assault on the public good

The Toronto Public Library system’s circulation ranks highest in North America. In 2022, per the most recent data available, it clocked in at almost 10 million branch visits. In the same year, more than 30 million people accessed library websites, while two million people dug deeper, accessing the library’s online databases.

During the shutdown, countless Torontonians found their routines altered; part of the city’s lifeblood had been cut off. From cancelled holds to unresolved academic questions, every library user had their own story to tell.

For Alisha Kurji, going to the Fort York and Toronto Reference Library branches is part of a little ritual. She regularly places holds on thrillers and mystery novels, using her online holds as a personal reading list, then picks them up in-person. Kurji didn’t know the library had been hacked until she visited in-person to renew her library card and pick up a hold. “The employees were having a really difficult time processing my card renewal because of the cyberattack,” she says. “They couldn’t access my file. They weren’t sure if my card had actually been renewed.”

Kurji’s holds hadn’t been delivered, either. When she tried to check out some of the books she picked off the shelves, the self-checkout was out of service. “I had to go to the employee, who had to write me a paper receipt. There was also no way for the employee to attach the book to my account in their online system.”

She ended up purchasing an e-reader, as the library’s e-book service came back online faster than physical holds did. “But of course, an e-reader is expensive,” she says. “I spent around $150 to purchase it just so that I could read library books.” This, she adds, is the opposite of what one is supposed to get out of the library: “access to free resources.”

Claire Battershill is an assistant professor at the University of Toronto, specializing in digital humanities. She says the cyberattack compromised both members of the general public and those in academia. “I use the Toronto Public Library both as a human living in the city with my kids, and also as a researcher,” she says. “There’s a lot of stuff that the public library has that the university doesn’t have access to — the city archives and the Reference Library, and other resources.”

Battershill notes that the TPL ransomware attack occurred in tandem with a separate, yet similarly impactful cyber-attack on the British Library; some of her students from UofT who were doing research on site in London were unable to access materials there. The paralyzing impact of a digital outage was made apparent across two major public libraries at once.

To Battershill, the attack on the library’s digital infrastructure reflects an assault on the public good. “Libraries create an open environment where resources can be accessed for free right on site. There’s a lot of digital infrastructure that goes into that access.” She says the cyberattack seemed to represent a rupture that went beyond the initial disruption. “It’s inconvenient, for sure, but it also feels like an attack on values, or at least that was how I was reading it right away.”

Today, signs at library branches herald the restoration of most services. Holds, online room bookings, and digital accounts are all back online. An employee at the Toronto Reference Library informed Spacing that as of March, the Digital Innovation Hub is back in service, bringing with it access to online learning programs and applications like Adobe Photoshop which had previously been cut off. Still, five months later, printing is unavailable.

In the aftermath, library patrons are now acutely aware of what they’d lost.

Harwood-Jones says that the cyberattack had a heightened impact on those who are already vulnerable. “With the cost-of-living crisis and everything else, people are requiring more and more access to free and affordable public services, and public services just literally cannot keep up with it,” he says. “To me, it’s a funding issue. [I]f they had robust funding, they could have done the security work beforehand to prevent this kind of attack, and they could get the resources they needed to get it back online in a more robust and expedient manner. The library being lost as a resource is a real impact on our whole community — it’s a reflection of broader issues around not valuing public care, public literacy, public education.”

“I really appreciate the library because it’s one of those reliable free things to do in the city,” Alisha Kurji adds. “I had the library kind of baked into my regular routine. Whenever I would get an email that a hold was ready to be picked up, it was a way for me to take a break from any of the tasks I needed to do and go pick up my book and walk outside.”

photo courtesy City of Toronto

Part I: Toronto Public Library ransomware attack: Overview
Part II: Toronto Public Library ransomware attack: Unanswered Questions
Part III: Toronto Public Library ransomware attack: Was TPL adequately prepared to defend itself?
Part IV: Toronto Public Library ransomware attack: Where does the TPL go from here?
Part V: Q+A with Toronto’s chief librarian, Vickery Bowles


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.