The Pierce County Library System (PCLS) experienced a data breach between **April 15–21**, where unauthorized actors accessed and exfiltrated files containing **personal details (names and dates of birth) of over 335,000 individuals**. While the library claimed no evidence of misuse, plaintiffs reported **increased spam calls, texts, and emails soliciting personal data**, along with **fraudulent credit checks and compromised debit cards**. The breach led to a **class-action lawsuit** alleging negligence in security measures, with plaintiffs seeking damages and mandatory system improvements. PCLS offered **one year of free credit monitoring**, but critics deemed this insufficient. The incident highlights risks of **identity theft and long-term fraud** from exposed sensitive data, even when limited in scope. The library, Washington’s fourth-largest system, faces reputational harm and potential financial liabilities, with similar local breaches (e.g., Pierce College, Virginia Mason) resulting in multimillion-dollar settlements.
Source: https://ca.news.yahoo.com/pierce-county-library-hit-data-121500821.html
TPRM report: https://www.rankiteo.com/company/pierceco-library-system
"id": "pie2932129090925",
"linkid": "pierceco-library-system",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '335,868',
'industry': 'Education/Government',
'location': 'Tacoma, WA, USA',
'name': 'Pierce County Library System (PCLS)',
'size': '4th-largest in Washington (19 locations)',
'type': 'Public Library System'}],
'customer_advisories': ['Monitor financial accounts for fraud',
'Enroll in provided credit monitoring',
'Report suspicious activity to library helpline '
'(1-855-201-0132)',
'Contact library via mail: 3005 112th St. E., Tacoma, '
'WA 98446'],
'data_breach': {'data_exfiltration': 'Yes (files copied and taken)',
'number_of_records_exposed': '335,868',
'personally_identifiable_information': ['Full Names',
'Dates of Birth'],
'sensitivity_of_data': 'Moderate-High (when combined with '
'other public data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2024-04-21',
'date_publicly_disclosed': '2024-07-01',
'description': "Unauthorized access into the Pierce County Library System's "
'network between April 15 and April 21, 2024, led to the '
'copying and exfiltration of files containing personal details '
'of over 335,000 individuals. The compromised data included '
'names and dates of birth. While the library reported no '
'evidence of misuse, two plaintiffs in a subsequent lawsuit '
'claimed increased spam and fraudulent activity linked to the '
'breach. A class-action lawsuit was filed in September 2024, '
'alleging negligence in security measures and seeking damages '
'along with enhanced security protocols.',
'impact': {'brand_reputation_impact': ['Class-action lawsuit',
'Public distrust',
'Media coverage'],
'customer_complaints': ['Increased spam calls/texts/emails',
'Debit card fraud alerts',
'Unauthorized credit checks'],
'data_compromised': ['Names', 'Dates of Birth'],
'identity_theft_risk': ['High (combined with publicly available '
'data)',
'Long-term monitoring required'],
'legal_liabilities': ['Class-action lawsuit (filed 2024-09-03)',
'Allegations of negligence',
'Potential damages and security mandates'],
'payment_information_risk': ['Indirect (via linked fraud '
'attempts)']},
'initial_access_broker': {'high_value_targets': ['Patron PII databases']},
'investigation_status': 'Completed (internal review ~May 2024)',
'motivation': ['Data Theft', 'Potential Financial Gain', 'Identity Fraud'],
'post_incident_analysis': {'corrective_actions': ['Credit monitoring offered',
'Legal defense prepared',
'Potential security '
'upgrades (if '
'court-mandated)'],
'root_causes': ['Inadequate security measures '
'(alleged)',
'Delayed public notification']},
'recommendations': ['Implement third-party security testing',
'Purge unnecessary personal data',
'Enhance incident response timeliness',
'Extend credit monitoring beyond 1 year',
'Adopt multi-factor authentication (MFA)',
'Conduct regular security audits'],
'references': [{'source': 'The News Tribune'},
{'source': 'Pierce County Superior Court Records (Case filed '
'2024-09-03)'},
{'source': 'Washington State Attorney General Data Breach '
'Directory'}],
'regulatory_compliance': {'legal_actions': ['Class-action lawsuit (Pierce '
'County Superior Court, filed '
'2024-09-03)',
'Potential regulatory scrutiny '
'(WA Attorney General)'],
'regulatory_notifications': ['Washington State '
'Attorney General '
'(breach reported in '
'directory)']},
'response': {'communication_strategy': ['Written notices mailed to affected '
'individuals (~July 2024)',
'Public notice',
'Dedicated helpline (1-855-201-0132)'],
'incident_response_plan_activated': 'Yes (immediate '
'investigation '
'post-detection)',
'remediation_measures': ['Free credit monitoring (1 year)',
'Identity protection services']},
'stakeholder_advisories': ['Written notices to 335,868 affected individuals',
'Public statement via library channels'],
'title': 'Pierce County Library System Data Breach (2024)',
'type': ['Data Breach', 'Unauthorized Access', 'Exfiltration']}