Anne Arundel County Public Library officials have announced that nearly 600 staff and public library computers were recently exposed to the Emotet virus. Positively identified on Thursday, the malware infection resulted from a sophisticated email ruse.
The 4,768 customers who used public computers since September 17 by logging in with a library card are being notified of the breach and the machines were taken out of service on Thursday after confirmation of the virus.
While the library had no breach of customer information, any patron who used a public library computer during that time to access bank accounts, purchase goods or services using a credit card or entered their social security number on a website should check their accounts for fraudulent activity and change their passwords. This precaution only applies to people who used a computer in an Anne Arundel County Public Library branch. Customers using the library’s Wi-Fi network were not impacted.
“We deeply regret that this incident occurred. The protection of our customer’s personal information is our top priority. We are conducting a thorough investigation to learn how this happened and to prevent it from happening in the future,” said Library CEO Hampton “Skip” Auld.
In late September, staff began receiving an increased amount of spam on library email accounts. In early October, some staff computers began rebooting spontaneously and eventually the problem spread to public computers. This was initially attributed to errors made on the installation of software updates. The virus was identified on Thursday, October 4 and the computers were immediately pulled out of service.
The library has already upgraded its defenses by investing in a new more sophisticated enterprise-wide virus scanner system that not only looks for virus signatures but also identifies suspicious software behavior across the entire network. Staff are also being trained on how to more quickly identify potential threats. We expect library computers to be operational sometime Tuesday or Wednesday.
If you believe you’ve been affected by this breach, visit the consumer page of the library’s website at www.aacpl.net/consumer for resources to help.
