by Zach Miller
Quick Summary
A cyber attack directed against MNLINK.org on the early morning of December 15 crashed the site and yielded 1,704 successful log-ins, all associated with Rochester (MN) Public Library. Each successful log-in may have exposed additional patron data. In a meeting held the following day, the MNLINK Operations Committee unanimously agreed upon a course of action to increase system security.
Beginning at approximately 2:00 a.m. on Thursday, December 15, a cyber attack was directed at MNLINK.org, a website that provides Minnesota library patrons with access to interlibrary loan services. By 8:30 a.m. that day, the staff who run MNLINK had coordinated to block the attack and restore MNLINK to full functioning.
In the attack, an automated process attempted to log in to MNLINK by entering a high volume of random patron barcodes. MNLINK’s login page crashed due to the web traffic associated with the attack. A total of 1,704 successful log-ins occurred, all of which were associated with Rochester Public Library accounts. With each successful log-in, data may have been exposed, including the patron’s email address, delivery location, and recent requesting activity.
Minitex, Rochester Public Library, and all MNLINK-participating libraries take the security of patron data very seriously. The MNLINK Operations Committee met the following day, Friday, December 16, and unanimously agreed upon a course of action to improve MNLINK system security in order to prevent future attacks.
MNLINK is managed by Minitex, a joint program of the Minnesota Office of Higher Education and the University of Minnesota, in collaboration with MNLINK-participating libraries.
Correction: The original version of this story stated that 1,709 successful log-ins occurred. Subsequent information indicated that the correct number is 1,704. The story was updated December 22, 2022.