Toronto Zoo's final update on its January 2024 cyberattack arrived this week, revealing that visitor data going back to 2000 had been compromised.

It said everyone who purchased a general admission ticket or zoo membership between 2000 and April 2023 had their personal data stolen by ransomware crooks in the digital heist.

First and last names were stolen, as were home addresses, phone numbers, and email addresses "in some records." For those who made credit card transactions between January 2022 and April 2023, card details such as the last four digits of the number and expiration dates were also lifted.

[1]

"Phishing and online fraud is ever present today," the update reads. "We encourage those affected and all our guests and members to be vigilant, and to carefully examine uninvited and suspicious communications and to regularly check financial account statements.

[2]

[3]

"Your Toronto Zoo has reported this matter to the Office of the Information and Privacy Commissioner of Ontario (the IPC) and an investigation file has been opened. The IPC has advised that it is not necessary for you to file a complaint as they are already investigating the matter."

Per a recent press release, the zoo said it attracts around 1.2 million visitors each year, and as of 2023, around 35,000 households were part of its membership program.

[4]

Toronto Zoo also briefly summarized its previous updates, noting that in addition to 23 years' worth of visitor and member data being stolen, all current and former staff members going back to 1989 had their details compromised, too.

Each person was informed about this last year and was offered an apology and the usual credit monitoring services.

The zoo didn't mention the word "ransomware" anywhere in the final communication about its attack, although [5]it has done so in the past, and to refresh the memory, the break in was the work of ransomware outfit Akira.

[6]

Over a year later, Akira still has the zoo's data available to download and claims all 133 GB of it consists of NDAs, personal files, "and of course, lots of interesting info about animals."

[7]Leeds United kick card swipers into Row Z after 5-day cyberattack

[8]Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility

[9]Cybercrims now licking stamps and sending extortion demands in snail mail

[10]Ransomware thugs threaten Tata Technologies with leak if demands not met

Planting its roots in 2023, Akira rose to prominence last year after claiming major scalps like [11]Lush , Tietoevry, [12]Stanford University , and [13]Nissan Australia . By June, experts were telling The Register that it could be the [14]next big thing in ransomware after law enforcement had their way with BlackCat and LockBit, the former dominant players.

Toronto Zoo's final words on the matter were somber and regretful over the data stolen, but assured its defenses were now thoroughly shored up.

"This cyber incident has been extremely challenging for us, particularly our current and past employees who had personal information compromised but also due to the loss of decades of wildlife conservation research that was lost as well.

"Since this incident, we have taken significant steps to ensure our information technology is more secure and have been working closely with the City of Toronto's Chief Information Security Office and we are grateful for their expertise and ongoing support. Our enhancements will give us significantly better network defenses and better ability to detect security problems."

Finally, the zoo thanked its supporters for sticking with it throughout the past year: "We would also like to express our heartfelt gratitude to our employees, volunteers, Zoo members, guests, and our community supporters for their patience and understanding as we worked through this challenge together." ®

Get our [15]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/ransomwareinfocus&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z8nUsVT_NBH7OIo9fHtwgwAAAcE&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/ransomwareinfocus&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z8nUsVT_NBH7OIo9fHtwgwAAAcE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/ransomwareinfocus&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z8nUsVT_NBH7OIo9fHtwgwAAAcE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/ransomwareinfocus&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z8nUsVT_NBH7OIo9fHtwgwAAAcE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://www.torontozoo.com/cyberincident

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/ransomwareinfocus&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z8nUsVT_NBH7OIo9fHtwgwAAAcE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2025/03/05/leeds_united_card_swipers/

[8] https://www.theregister.com/2025/03/05/qilin_ransomware_credit/

[9] https://www.theregister.com/2025/03/05/snail_mail_data_release_extortion/

[10] https://www.theregister.com/2025/03/05/tata_technologies_hiunters_international/

[11] https://www.theregister.com/2024/01/26/akira_lush_ransomware/

[12] https://www.theregister.com/2023/10/30/stanford_university_confirms_investigation_into/

[13] https://www.theregister.com/2024/05/20/in_brief_security/

[14] https://www.theregister.com/2024/06/09/akira_the_next_big_thing/

[15] https://whitepapers.theregister.com/