The Pierce County Library System cyberattack has exposed the personal information of more than 340,000 individuals following a cybersecurity incident discovered in April 2025. The public library system, which operates 19 locations and serves nearly one million residents outside Seattle, confirmed that unauthorized access to its network resulted in sensitive data being copied and taken.
According to breach notification letters published this week on the Pierce County Library System (PCLS) website and filed with regulators in multiple states, the incident occurred between April 15 and April 21, 2025.
PCLS detected the breach on April 21 and immediately shut down its systems to contain the attack and begin an investigation.
Unauthorized Network Access and Data Exposure
The investigation revealed that attackers gained access to PCLS systems for nearly a week and exfiltrated files containing personal information. By May 12, the organization confirmed that hackers had stolen data belonging to both library patrons and current or former employees.
For library patrons, the exposed data included names and dates of birth. For employees and their family members, the compromised information was significantly more sensitive. Impacted data may include Social Security numbers, financial account details, driver’s license numbers, credit card information, passport numbers, health insurance records, medical information, and dates of birth.
PCLS stated that it is not currently aware of any misuse of the stolen data. However, the organization acknowledged the seriousness of the breach and emphasized that it takes the confidentiality and privacy of personal information in its care very seriously.
Ransomware Gang Claims Responsibility of Pierce County Library System cyberattack
The Pierce County Library System cyberattack was claimed in May by the INC ransomware gang, a cybercriminal group that has carried out multiple high-profile attacks against government and public-sector organizations in 2025. The group has previously targeted systems such as the Pennsylvania Office of the Attorney General and an emergency warning service used by municipalities across the United States.
While PCLS has not publicly confirmed whether a ransom demand was made or paid, public library systems have increasingly become targets for ransomware attacks on public libraries. Cybercriminal groups often assume that governments will pay to quickly restore access to essential public services.
History of Cyber Incidents in Pierce County
This is not the first cybersecurity incident to impact Pierce County. In 2023, a ransomware attack disrupted the county’s public bus service, affecting systems used by approximately 18,000 riders daily. The recurring nature of such incidents highlights ongoing challenges faced by local governments in defending critical public infrastructure.
Globally, library systems have experienced a rise in cyberattacks in recent years. High-profile incidents, including the British Library cyberattack, along with multiple attacks across Canada and the United States, have caused prolonged outages and service disruptions.
Steps for Impacted Individuals
PCLS is urging affected individuals to remain vigilant against identity theft and fraud. The organization recommends regularly reviewing bank and credit card statements and monitoring credit reports for suspicious activity.
Under U.S. law, consumers are entitled to one free credit report annually from each of the three major credit bureaus, Equifax, Experian, and TransUnion. Individuals may also place fraud alerts or credit freezes on their credit files at no cost to help prevent unauthorized accounts from being opened in their name.
PCLS has provided a dedicated call center for questions related to the incident.
As cyberattack on the Pierce County Library System continue to expand digital offerings, cybersecurity remains a critical challenge requiring sustained investment and vigilance.