The Toronto Zoo says some personal information belonging to its current, former and retired employees was stolen during a ransomware attack earlier this month.
In a statement issued Wednesday, Toronto Zoo said while it is early in the investigation, it believes some personal data belonging to its employees — dating back to 1989 — was taken, including past earnings information, social insurance numbers, birthdates, telephone numbers and home addresses.
“Based on the current information we have, we do not believe it includes personal banking information as the zoo does not store that information on our servers,” the statement said.
The zoo says it’s continuing to investigate to determine how Zoo members, guests, donors and volunteers are impacted by the attack, adding that it will directly notify individuals based on its findings.
“We also want to reassure everyone that animal wellbeing, care and support systems have not been impacted by this incident and we are continuing with normal zoo operations including being open to guests.”
The zoo, which was attacked on Jan. 8, is now working with the city and a third-party cybersecurity company to resolve the situation and has reported the ransomware attack to Toronto police.
“It is so unfortunate and very disturbing that charitable not-for-profit organizations like your Toronto Zoo and other public sector organizations are being targeted by cyber-attacks,” the statement said.
“Our mission is to connect people, animals and conservation science to fight extinction, not cyber criminals. This has been a terrible incident that has directly impacted our current and former staff and for that we are deeply sorry.”
As a proactive step, the Toronto Zoo said it is offering all current, former and retired Zoo staff a complimentary, two-year credit monitoring service which allows one to check for signs of identity fraud.
Retired and former zoo employees interested in receiving the service are urged to contact the Toronto Zoo at employee.support@torontozoo.ca.