The Whatcom County Library System (WCLS) continues to investigate a data-security breach that compromised the personal information of an undisclosed number of library users.
Some form of malware was initially suspected in a June 27 security breach of the county libraries’ computers. The county library system informed the Bellingham Public Library on July 11 that some patrons’ personal data had been downloaded from county library computers. The names, birthdates, library card numbers and PINs of 735 Bellingham library cardholders were exposed in the breach, the city said.
In an email interview, Perkins did not explain why the county libraries initially reported that users’ personal data was “secure” and the security breach was “confined to internal communication systems.” She also didn’t disclose the number of county library users whose personal information had been stolen.
“This investigation is ongoing and unfortunately there's not much we can comment on,” Perkins said. “We are working with third-party specialists and following their guidance.”
Both the Bellingham and county libraries notified affected users directly. Both library systems automatically updated users’ PINs and said they are working on enhancing their data security.
“Our primary interest is in protecting the information in our care, and we're cautious about speculating about what happened or sharing information about how we're enhancing our security protocols,” Perkins wrote.
WCLS operates 10 libraries across the county and a bookmobile. The county library system functions separately from Bellingham Public Library, although they share a library catalog and electronic management system.