Data breach of thousands of Chattanooga Library card owners revealed

Correction: A previous version of this story named Formidable as the company that oversees the library's online renewal process. According to the library, Formidable makes the plugin used for the library's online renewal forms.

The Chattanooga Library said the private information of around 5,000 library cardholders had been exposed online since October 2020, an IT team they work with catching the mistake last week. 

"We will go to the mat to protect somebody's privacy we absolutely will, and so for this to happen is really, really devastating,” said Corrine Hill, the Executive Director of the Chattanooga Library.

She said when the pandemic forced the Chattanooga Library to close, they had to adapt and gave people the option to renew their library cards online, which ultimately caused the massive data exposure.

The forms you are required to upload for renewal are sensitive items that include a copy of your driver’s license and proof of residence which could go as far as a bank statement.  

"It's extremely serious, and it's extremely problematic,” said Hill.

She said Formidable is the name of the company that makes the plugin used for online renewal forms. According to a library spokesperson, Formidable had a configuration issue that caused the exposure.

“Configuration problem with the plug-in we were using for the forms,” Hill explained. "We fixed the configuration problem so it's no longer exposed."

Luckily, according to Hill, no accounts appear to have been used in a malicious way.

She said next week the Library will notify those whose accounts could be impacted.

In the meantime, she is asking anyone who renewed their card between October and last week to keep an eye on their credit accounts.

She suggests going to free websites such as Credit Karma