Pierce County, Washington Library Confirms Ransomware Attack and Data Breach

The Pierce County Library System (PCLS) in Tacoma, Washington, confirmed it was the target of a ransomware attack that led to a multiweek network shutdown beginning April 21, 2025. Staff detected suspicious activity and proactively took all computer systems offline. By May 12, after a three-week forensic investigation involving over 1,000 systems, officials verified that an outside entity had gained unauthorized access and exfiltrated unspecified library data. Cybersecurity experts and the Multistate Information Sharing and Analysis Center (MS-ISAC) were brought in to assist with the investigation, and law enforcement has been notified of the criminal breach.

While the full scope of compromised data remains under investigation, PCLS stated it collects minimal personal information, including names, addresses, borrower IDs, and transaction records, which are periodically purged. Notifications will be sent to affected individuals as required by law. Several digital services remain offline, including the library catalog, book club kits, and self-checkout stations, although physical checkouts, in-person programs, and events continue. Staff stated that significant progress has been made in restoring services and pledged to maintain transparency with updates.

The breach has sparked concern among patrons, some of whom questioned whether the library acted swiftly enough following similar incidents at other library systems. Public comments and news reports revealed that Pierce County Library’s IT leadership had discussed cybersecurity vulnerabilities during board meetings earlier in the year. Critics argue the system was "on notice" following the Seattle Public Library’s ransomware event in 2024 and question why stronger preventative measures were not implemented sooner.

The Pierce County incident is part of a rising trend of cyberattacks on public libraries. In January 2025, the Laramie County Library System in Cheyenne, Wyoming, experienced a ransomware attack but was able to fully restore services within hours, highlighting the benefits of strong contingency planning. In contrast, Fort Bend County Libraries in Richmond, Texas, suffered a prolonged outage starting February 24, 2025, with lingering service disruptions and a $2.5 million cybersecurity overhaul. Delaware’s public libraries faced one of the most severe cases in September 2024 when hackers from the RansomHub group demanded a $1 million ransom and shut down statewide internet access, prompting a system rebuild with Microsoft’s help.

These incidents underscore the growing vulnerability of public institutions with limited cybersecurity resources. Libraries, while often overlooked as critical infrastructure, store sensitive patron data and deliver essential digital services. In Pierce County, digital circulation surpassed physical checkouts in 2024, illustrating how e-book and digital media use continues to grow. The need for robust protections is increasingly urgent. Experts and public officials alike warn that ransomware attacks are no longer isolated threats but systemic risks that demand sustained investment in prevention, recovery planning, and staff training.