The Pierce County libraries system was hacked, information stolen. What we know
After the Pierce County Library System catalog was reported down for more than a week in May, the library system confirmed on May 12 that it “was the target of a cybersecurity event” and that “some Library data was taken,” according to communications manager Somer Hanson.
As of May 12, “details of the information accessed remain unknown at this time and are still under investigation,” Hanson told the News Tribune in an email. “Individuals whose personally identifiable information was impacted, will be notified accordingly.”
On May 14, Hanson could not provide updates to when the library system would learn more about the attack and what data was affected. Hanson said “an outside entity gained unauthorized access to the PCLS network” but could not share more information as of May 14. As a practice the PCLS “minimizes the amount of personal information collected from library users,” she said.
On May 15, she said PCLS collects users’ address and identification and stores borrower, transaction and material records until deleted by request, inactivity or removal of physical materials from circulation. Hanson said the PCLS library catalog would be back online early the week of May 19.
PCLS technology staff shut down all computer-network systems on April 21 “in an abundance of caution after it detected unusual and potentially malicious activity,” Hanson said. The library system has been engaged with cybersecurity experts, including the Multistate Sharing and Analysis Center, and has notified law enforcement agencies because the ransomware event “is a criminal act,” she said.
“The initial systems investigation took about three weeks and included work with over a thousand individual systems, servers, software and databases,” Hanson said. “This thorough process was necessary to scan for malware, identify possible data removal, and retrace the unauthorized individual’s steps to understand the extent of the breach.”
PCLS told the public to hold onto books or other materials that have been checked out until notified otherwise. As previously reported by The News Tribune, the library system began waiving fines for overdue books in 2023 and cleared account balances after staff concluded fines actually caused more harm than good.
As of May 14, the public could not use the physical self-checkout, the library catalog, book-club kits and some online resources, according to a PCLS website page providing updates. Branches are open and meeting rooms are available, in-person events and virtual events are happening and the public can check out physical books. Computers and printers will have limited availability, and the public can access museum passes and Check Out Washington passes.
“The Library remains committed to enhancing security systems and protecting personally identifiable information. We appreciate your patience as our staff work diligently to provide uninterrupted service despite this outage,” Hanson said. “Significant progress has been made in the secure restoration of our systems, and full restoration is within sight. Please continue to check our website for regular updates on service outages and restoration.”
This story was originally published May 15, 2025 at 5:00 AM.
