Toronto

Toronto Zoo says personal info of current, former and retired staff stolen in cyberattack

The Toronto Zoo says it believes current, former and retired employees had some personal information stolen in a ransomware cyberattack it reported earlier this month.

Zoo believes stolen information doesn't include banking details

An adult and baby Sumatran orangutan much on some greens.
A Sumatran orangutan mother and baby at the Toronto Zoo are pictured here. The zoo said it is continuing to investigate to determine how a cyberattack it reported earlier this month might have affected zoo members, guests, donors and volunteers. (Toronto Zoo)

The Toronto Zoo says it believes current, former and retired employees had some personal information stolen in a ransomware cyberattack it reported earlier this month.

That information includes past earnings information, social insurance numbers, birthdates, telephone numbers and home addresses of employees dating back to 1989, but the zoo said it believes it doesn't include banking information. The zoo noted that it doesn't store employee banking information on its servers.

To help employees, the zoo said it will offer all current, former and retired staff within that time period a complimentary two-year credit monitoring service that will allow employees to check for signs of identify fraud.

The offer is a "proactive step," the zoo said.

The zoo said it is continuing to investigate to determine how the cyberattack might have affected zoo members, guests, donors and volunteers and it will notify affected individuals directly about its findings. The zoo added that it does not store credit card information.

Animal well-being, care and support systems have not been affected, it said. Normal zoo operations are continuing and the facility is open to guests.

"It is so unfortunate and very disturbing that charitable not-for-profit organizations like your Toronto Zoo and other public sector organizations are being targeted by cyber attacks," the zoo said in a news release on Wednesday.

"Our mission is to connect people, animals and conservation science to fight extinction, not cyber criminals. This has been a terrible incident that has directly impacted our current and former staff and for that we are deeply sorry."

The zoo reported the attack on Jan. 8 and said it has reported the incident to police.

Retired and former Zoo employees interested in receiving the two-year credit monitoring service are urged to contact the zoo at [email protected] and provide the following information: first and last name, last area of the zoo where they worked and the period of time they were employed.