Recovery from cyberattack costs Seattle Public Library over $1 million

Seattle Public Library says it took 90 days to recover from a ransomware attack that struck over Memorial Day weekend, resulting in recovery costs surpassing $1 million.

During the attack, officials say library IT staff quickly contained the incident by upgrading systems and re-imaging approximately 1,000 computers. By the end of the year, the library expects to incur additional legal expenses as they investigate the information stolen by hackers.

At a recent board meeting, Rob Gannon, who serves as the director of administrative services for the library and leads efforts to recover from the breach, outlined the work that has been done to get the organization stable again.

RELATED: Down, but not out: Seattle Public Library shuts the book on two-pronged tech challenge

“The IT team was integral in providing response to the situation as we understood it, but we also tapped a number of consulting resources to help us through this,” Gannon said.

Gannon also noted ongoing monitoring by a local law firm, which he anticipates will come with additional expenses.

“They are continuing to do legal support through the data mining assessment phase, as well as prepare for any legal claims that may come as a result of the breach,” he said.

An after-action review to assess the ransomware event and establish ways to strengthen the library's cybersecurity measures is underway.

RELATED: Seattle library patrons rejoice (quietly). Digital books are back

The library also contracted with Experian to provide credit monitoring services for all library employees.

Since the attack, the library's IT department has updated Windows Server licenses, acquired multi-factor authentication devices, and replaced outdated laptops.

Library officials anticipate gaining a clearer understanding of the stolen data by the end of October.

RELATED: Seattle Public Library goes low-tech after cyberattack

According to board documents, the library generated $13,000 in revenue in August, bringing its year-to-date total to $453,000, 56% of the target.

Before the cybersecurity incident, monthly revenue was surpassing collections from the same period last year.

While officials acknowledge there are no guarantees of complete security, they believe their systems are now more robust. The Seattle Public Library Board of Trustees will hold a meeting Oct. 31, and public comments can be submitted via email or in person at the Central Library.