Pierce County library was hit by data breach. What was in the stolen files
AI-generated summary reviewed by our newsroom.
- A Pierce County Library data breach in April compromised patrons’ basic personal data.
- More than 335,000 affected individuals were notified, court and library records show.
- A lawsuit claims the library was negligent. The library says it acted promptly.
The Pierce County Library System is being sued over a data breach earlier this year that compromised basic personal details of more than 335,000 people, court records show.
Between April 15 and April 21, unauthorized access into the library’s system led to certain files being copied and taken, according to a public notice from the library reportedly issued in July. Following an internal review completed about a month after the breach, the library determined that information including name and date of birth was present within the impacted files, the notice said.
The library added that it was “unaware of any attempted or actual misuse of information,” but two of three plaintiffs in a recently filed lawsuit alleged they have experienced consequences from the cyberattack.
Three patrons sued the library on Sept. 3 in Pierce County Superior Court, accusing the library of failing to implement and maintain reasonable security measures. As a result of the breach, the plaintiffs’ efforts to mitigate increased risks of identity theft and fraud will be costly and time-consuming for years to come, the suit said.
Gwendolyn Bachmann and Kristye Gervais, both of Auburn, have each seen a substantial uptick of spam calls, text messages and emails attempting to solicit more personal information, according to the lawsuit.
Bachmann has been issued four separate debit cards in the months following the breach because each card “was apparently flagged as being on a list used by criminals,” the suit said. Gervais received notice of a “soft check” on her credit history despite never applying for a loan, according to the filing.
“Although the Data Breach primarily involved names and dates of birth, this information remains highly sensitive when combined with other publicly available data,” according to the suit, which seeks to be a class-action case. “Hackers can and do exploit such information to commit identity theft, financial fraud, and other identity-related crimes against Plaintiffs and Class Members now and in the future.”
Neither the plaintiffs’ attorney nor a library spokesperson returned messages from The News Tribune seeking comment.
The Pierce County Library System, which is the fourth-largest library system in Washington and maintains 19 locations, mailed written notice of the breach to affected parties sometime around July, the suit said. The library wrote that it planned to provide the notice to 335,868 state residents, according to an incident-related document in the state Attorney General Office’s directory that tracks data breaches.
“PCLS takes the confidentiality, privacy, and security of information in its care very seriously,” the notice said. “Upon discovering the issue, we immediately commenced an investigation to confirm the nature and scope, and to identify what information could have been affected.”
In response to the breach, the library offered affected individuals free credit monitoring and identity-protection services for a year. The suit dismissed the offering as “an inadequate measure” and criticized what it asserted were delays in the library’s investigation and public notice.
The lawsuit, which accuses the library of negligence, is seeking unspecified damages and to compel the library to adopt a host of security-related measures, including third-party testing of its systems and a purge of all plaintiffs’ personal information.
For questions about the data breach, call the library at 1-855-201-0132 between 6 a.m. and 6 p.m. Monday through Friday. Individuals may also write to the library at 3005 112th St. E., Tacoma, WA 98446.
In recent years, other data breaches in Pierce County have led to litigation. In March, Pierce College agreed to pay $1.2 million to settle a case after a breach in 2023 exposed the personal information of 155,000 people. In December 2023, Virginia Mason Franciscan Health was sued for allegedly failing to safeguard patient information in a breach that year. The suit was combined into a larger case with many other plaintiffs and defendants in a Massachusetts federal court and remains ongoing, court records show.
