Seattle Public Library goes low-tech after cyberattack

At the flagship Central branch of the Seattle Public Library, 130 computers are sitting vacant, their screens blank. Each one bears a laminated sign: “Out of Service.”

The computers are one casualty of a cyberattack on May 25 that downed many of the library’s digital services indefinitely. Patrons can’t check out e-books or digital audiobooks, use Wi-Fi at library branches or place holds on books.

For Seattleites like Sarah Wright, it’s a big change.

“We have three young kids. We don’t own a ton of books… And we check out like 75 at a time [from the library],” she said. Wright is also heavy user of the library’s audiobook collection, listening to books while she drives and does other tasks.

She says her 5-year-old and 3-year-old twins haven’t run out of books from their last library visit, but she’s not sure what to do when that time comes.

The effects of the digital outage are widespread across the library system and SPL does not have a timeline yet for when they may be restored. The result is a rarity in 2024: A large organization that’s gone low-tech.

The cyberattack

Library officials have not shared details of the attack over Memorial Day weekend that downed their systems.

The library described it as a “ransomware incident,” a type of attack where a hacker gains control of an organization’s internal technology and locks it down. The attackers will typically demand a ransom in return for restoring access to the systems and data.

Quentin Hodgson, a cybersecurity researcher at nonprofit RAND, told KUOW midday show Soundside that these attacks are becoming increasingly common for organizations of all types and sizes. The perpetrators are usually criminal groups based outside the U.S. who make money off the tactic.

Library officials have not shared details about any ransom demand and are still investigating the extent of the attack.

In the aftermath, the library is unable to access key digital infrastructure, including the systems that track book holds and checkouts; digital checkouts of e-books and audiobooks; public and staff computers; and wifi at the library’s 27 branch buildings. (The library is updating its available services daily on its Shelf Talk blog).

The library does not yet have an estimate for when the systems may be brought back online. After a similar attack in October, the Toronto Public Library rebuilt its systems from scratch. It took four months.

Creative solutions

While the attack crippled key systems, the library’s 27 branches are still open, hosting events and checking out physical materials.

For 10 days after the attack, checkouts were done manually with a pencil and paper. Librarians wrote down patrons’ library card numbers and cataloged each item borrowed on stacks of forms. One joked that they were back in 1990.

Now staff have cobbled together a temporary solution that relies on Microsoft Excel, moving forward in time to 1995.

“I just scan your card into the spreadsheet,” said Spenser Hoyt, demonstrating the check-out process. Hoyt is the borrower services operations manager at the library’s central branch.

“We are able to use our fancy RFID tag technology, so all I have to do is set [the book] on the pad… and it is ‘checked out’ to you,” Hoyt said.

Hoyt puts air quotes around the phrase “checked out” because the item isn’t technically logged in the library’s cataloging system. For now, the spreadsheet acts as a record of checkouts that will be uploaded into that system when it’s back online.

One wrinkle in this work-around: There’s no way to check materials back into the library’s collection. (SPL is asking patrons to hold on any books or other materials until they can process them again. The system doesn’t charge late fees.)

The always-updating digital catalog is also down. That makes the act of searching for a book on the shelves difficult as librarians can’t tell what’s in the building without checking manually. Many branches are setting up displays of recommended books to help patrons navigate the new normal.

Seattleites are also eligible to join a number of other local library systems that have agreements with Seattle libraries. A King County Library System spokesperson said they have already seen a jump in Seattle residents signing up for cards and checking out e-books and audiobooks.

Ripple effects

While the disruptions are an inconvenience for some library patrons, the stakes are much higher for Seattleites who rely on the library’s technology services.

Seattle libraries logged more than 360,000 sessions on its free public computers in 2023. Many others use the library’s free wifi for everything from school projects to applying for jobs.

An SPL spokesperson said local branches are working to compile lists of resources for patrons in their neighborhoods.

Some patrons also read e-books or audiobooks because they’re more accessible. Many e-books allow readers to control font size and deploy features like dyslexic-friendly fonts.

“I think if anything it’s a reminder to be grateful for the library,” Wright said. “They have a wonderful service.”

To listen to the full episode on Seattle Now, tap this link or the play button at the top of the story.