Cyberattack on Toronto Zoo more extensive than expected

A comprehensive analysis shows that the full scope of a data breach that occurred last year at the Toronto Zoo is considerably larger than expected. Hackers obtained personal and sensitive information from visitors and (former) employees going back over 20 years.

In January 2024, the Toronto Zoo reported that it was struck by a ransomware attack. The zoo announced that personal data of current and former employees had been captured, going back to 1989, as well as personal information of a small number of volunteers.

The stolen information included past earnings information, social insurance numbers, dates of birth, telephone numbers, and home addresses. At the time, the Toronto Zoo believed it didn’t include personal banking information as the zoo doesn’t store that information on its servers.

The Toronto Zoo, the largest zoo in Canada with over 1.2 million guests each year, promised to investigate how zoo members, guests, donors, and volunteers were affected.

In a recent notification regarding the data breach, the Toronto Zoo paints a gloomy picture of the cybersecurity incident. According to the press release, personal information of current and former employees, volunteers, and donors between 2000 and April 2023 has been stolen.

It includes full names, home addresses, phone numbers, email addresses, and the last four digits of credit card numbers and associated expiration dates. How many people have been affected by the incident remains unclear.

“This cyber incident has been extremely challenging for us, particularly our current and past employees who had personal information compromised, but also due to the loss of decades of wildlife conservation research that was lost as well,” the Toronto Zoo states.

The Canadian zoo says that ‘significant steps’ have been taken since the incident to beef up security. The zoo’s information technology has been upgraded and the zoo is working more closely with the city’s Chief Information Security Officer (CISO). “Our enhancements will give us significantly better network defenses and better ability to detect security problems.”

The Toronto Zoo sends out a warning to all people involved in the data breach. “Phishing and online fraud is ever present today. We encourage those affected and all our guests and members to be vigilant, and to carefully examine uninvited and suspicious communications and to regularly check financial account statements.”