Ransomware Destroys Decades of Wildlife Conservation Research at Toronto Zoo

The Toronto Zoo has issued a public notice stating that last year’s encounter with hackers ended up destroying decades of wildlife conservation research.

The Toronto Zoo, the largest zoo in Canada, is a conservation organization and a tourist attraction. It's also known for its research into reproduction and reintroduction of endangered species into the wild.

The park has one of the world’s most taxonomically diverse collections of animals on display, housing over 5,000 specimens from 500 species and seven zoogeographic regions.

After discovering a hacker intrusion in January last year, the zoo started notifying employees, volunteers, and donors whose data, it turned out, had been compromised.

“Since then, we have done extensive analysis to determine the full scope of the data breach and to notify those affected, and are now providing our final notification to those who had data exposed,” reads the zoo’s latest update, posted prominently on its website.

Guest and member data compromised

According to the notice, hackers stole “transaction data,” which they then leaked on the dark web.

The leak affects all guests and members who made general admission and membership purchases over the span of 23 years (between 2000 to April 2023).

The compromised info includes:

·      transaction data including first and last names, and, in some records, street address information, phone numbers and e-mail address data;

·      the last four digits of credit card numbers and expiration dates, but “only for guests and members making credit card transactions between January 2022 and April 2023,” the zoo clarifies.

Toronto Zoo has reported the incident to the Office of the Information and Privacy Commissioner of Ontario (the IPC).

The wildlife reserve advises those affected to be vigilant, saying: “carefully examine uninvited and suspicious communications and [...] regularly check financial account statements.”

Bitdefender Digital Identity Protection finds if your personal information has been compromised in a data breach and offers advice on how to protect yourself.

Decades of wildlife conservation research destroyed

When the intrusion occurred, officials were relieved to report that it had left no mark on the well-being of the park's wildlife.

Yet in the closing paragraphs of Toronto's latest update, readers find that the cyber attack erased invaluable research on conserving endangered species and halted long-standing efforts to protect vulnerable wildlife worldwide.

This cyber incident has been extremely challenging for us, particularly our current and past employees who had personal information compromised but also due to the loss of decades of wildlife conservation research.

Park officials say the zoo’s cybersecurity posture is now stronger than ever, and that they’re confident these “enhancements will give us significantly better network defenses and better ability to detect security problems.”

While the zoo never named the culprits, the Akira ransomware group is considered responsible for the attack.