In October 2023, the British Library got hit with ransomware.

For three months, their catalog was offline. Digital collections were inaccessible. Services were crippled. Final cost: over £7 million.

And here’s the kicker: The British Library is huge, well-funded, and has professional IT staff. If they can get taken down for three months, what chance does your library have?

(Need to talk to your board about funding cybersecurity? Here’s the script that works.)

Now add AI to the mix, and things get worse.

What Happened at the British Library

The Rhysida ransomware gang breached the British Library’s network in October 2023. They encrypted systems, stole data, and demanded payment.

The Library refused to pay. Good for them. But that decision came with consequences:

  • Online catalog was down until January 2024
  • Digital collections were unavailable
  • Website functionality was severely limited
  • Internal systems needed complete rebuilding
  • Stolen data (including employee information) ended up on the dark web

Total cost is still being calculated, but estimates run into the millions. And that doesn’t count the reputational damage or the research that couldn’t happen because resources were inaccessible.

Toronto Public Library: Round Two

Then, in February 2024, Toronto Public Library got hit. Another ransomware attack, another massive disruption.

Systems were down for weeks. No online catalog. No holds. No renewals. No public computer access. Branches had to operate with manual workarounds—checking out books with pen and paper like it was 1995.

And since then? Multiple smaller library systems across North America have been hit. Seattle Public Library dealt with a breach in mid-2025. Chicago Public Library had to shut down systems for days in late 2025 after suspicious activity was detected.

The pattern is undeniable: Libraries are targets. Most still aren’t prepared.

Why Libraries Are Targets

Ransomware gangs attack libraries because:

Data value: Libraries have personal information (patron accounts, staff records, payment details). That data has value on the black market.

Operational dependence: Libraries can’t function without their systems. Catalogs, circulation, databases—everything runs digitally. That makes libraries willing to pay ransoms to restore service.

Weak defenses: Most libraries run on tight budgets. Cybersecurity isn’t a priority until it’s too late. Patches get delayed. Backups aren’t tested. Staff aren’t trained.

Vendor vulnerabilities: Libraries use dozens of third-party systems. Each one is a potential entry point. When a vendor gets breached, their customers (you) get breached too.

How AI Makes Ransomware Worse

AI isn’t just a tool libraries are trying to use. It’s also a tool attackers are using against libraries.

AI-Powered Phishing

Traditional phishing emails are easy to spot: bad grammar, generic greetings, suspicious links.

AI-generated phishing? Nearly perfect. ChatGPT and similar tools can:

  • Write convincing emails with no typos
  • Personalize messages based on scraped social media data
  • Mimic writing styles (your director’s email tone, your IT department’s phrasing)
  • Generate emails in bulk targeting specific library staff

Your staff can’t tell the difference anymore. One clicked link is all it takes.

AI Vulnerability Scanning

Attackers use AI to automatically scan thousands of targets looking for security holes. Your library’s website, your vendor’s login page, your cloud backup—all being probed 24/7 by AI bots looking for weaknesses.

When they find one, they exploit it immediately. No human decision-making required.

AI-Enhanced Social Engineering

Attackers are using AI voice cloning and deepfakes to impersonate executives, IT staff, or vendors. Imagine getting a phone call that sounds exactly like your director asking you to urgently reset the network password.

It’s happening. Libraries are falling for it.

Automated Attack Scaling

Once attackers breach one library, AI helps them pivot to other targets using the same techniques. They don’t need to manually repeat attacks—their AI does it automatically.

One successful ransomware attack on a small library can teach the AI how to hit dozens more.

What You Should Do This Month

Don’t wait for a wake-up call like the British Library and Toronto got.

If You Have Zero Budget (Free/Low-Cost)

Week 1:

  • Enable MFA on ALL systems (free with most email/cloud services)
  • Inventory all third-party access to your network (spreadsheet exercise, no cost)
  • Test your backups (time investment only—confirm they actually work)

Week 2:

  • Audit COVID-era systems for security gaps
  • Document manual processes for operating without digital systems
  • Join MS-ISAC (FREE security services for libraries)

Week 3:

  • Create a one-page incident response plan
  • Identify free/low-cost partners: Community college IT programs, state library support
  • Run a 90-minute tabletop exercise: “What if our systems went down tomorrow?”

Week 4:

  • Use free phishing training from CISA or KnowBe4
  • Review your insurance (do you have cyber coverage?)
  • Brief leadership using British Library/Toronto/Seattle examples

If You Have $10K-50K Budget

Add these:

  • Cyber insurance ($15K-25K annual)
  • One-time security audit ($10K-20K)
  • Backup system upgrade (air-gapped backups)
  • Retainer with incident response firm

The Uncomfortable Truth

The British Library and Toronto attacks weren’t anomalies. They were a preview.

Libraries are targets because:

  • They have valuable data
  • They provide critical services
  • They’re underfunded for cybersecurity
  • They have lots of third-party integrations

Ransomware groups know this.

October 28, 2023 wasn’t the end. It was the beginning. The attacks are increasing. The groups are getting more sophisticated. And libraries are woefully unprepared.

Don’t let yours be next. Enable MFA. Test your backups. Today.

Authenticity note: With the exception of images, this post was not created with the aid of any LLM product for prose or description. It is original writing by a human librarian with opinions.