Seattle Public Library ransomware attack to cost $1M, officials say

By the end of the year, officials from Seattle’s Public Library said, they will have spent about $1 million on the response to a May ransomware attack.

The extent of the attack, which took down the public library’s systems, internet, public computers and library catalog at all 27 locations throughout the city, is still under investigation, The Seattle Times reported. During a library board of trustees meeting last Thursday, the library’s director of administrative services, Rob Gannon, said the library will have spent about $800,000 on consultant fees and $200,000 on extra IT costs by the end of the year in responding to the attack.

The consultant fees included $400,000 for the consulting firm Charles River Associates to conduct a forensic investigation and negotiate “‘with the bad guys,” Gannon said, the Times reported. The library paid another consulting firm, Alvaka, $262,000 to restore the library’s network and computer terminals. It paid two law firms a combined $87,000 for legal support.

Gannon said the library expects to share more information in one month about what type of data was accessed. Gannon confirmed data was downloaded and that affected people will be notified.

“We know that data has left the library,” Gannon said during the Thursday hearing. “We do not have any even early indication about the extent of personal information that may have been compromised.”

Funds for the consultants and additional IT costs will come from the library’s budget, but the officials said they do not anticipate the expenses to disrupt the library’s staffing or operations.