Contact Us

Use the form on the right to contact us.

You can edit the text in this area, and change where the contact form on the right submits to, by entering edit mode using the modes on the bottom right. 

         

123 Street Avenue, City Town, 99999

(123) 555-6789

email@address.com

 

You can set your address, phone number, email and site description in the settings tab.
Link to read me page with more information.

Concerning Recent Library Patron Data Breaches

News

Praesent commodo cursus magna, vel scelerisque nisl consectetur et. Curabitur blandit tempus porttitor. Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus. Cras mattis consectetur purus sit amet fermentum. Cras mattis consectetur purus sit amet fermentum.

 

Concerning Recent Library Patron Data Breaches

Jessica Rathjen

Greetings!

Here at Capira, we have been receiving a lot of questions about recent library patron data breaches from customers and business connections, so we wanted to clarify some information.

Customers of an ILS vendor were notified recently with a message indicating that some libraries had a patron data breach through a vulnerability in a “third party mobile application". Capira Technologies IS NOT the third-party application vendor they mention. I reached out to the ILS vendor security team for more information so that we can determine how the breach occurred with the other vendor to help ensure we aren't vulnerable in a similar manner.

While no system is 100% secure, we take great steps to ensure access to our systems and customers are protected.

  • Direct access to our cloud server infrastructure is limited both by IP access and use of a private key file. Only two people on staff have this private key, one of which is myself.
  • All other access to our cloud server infrastructure other than HTTP/HTTPS is restricted by IP address.
  • We force SSL connections for services we provide such as CapiraMobile and MuseumKey.
  • Access requests to customer ILS functions are (REST APIs, etc) are performed using SSL where available.
  • While not all third-party customer services support SSL connections, we make a point to request SSL endpoints of services for use, including for external services like Event Calendars, Room Booking, Library Guides, and more.
  • We use Intrusion Detection software on our cloud servers to monitor for abnormal traffic in to our systems and out to customer integrated library systems.
  • We perform security updates for software and operating systems on a 30 day basis, excluding critical security fixes which are applied when immediately available.

We've taken a precautionary measure over the past few weeks and inspected our virtual servers access logs and network traffic reports for anything out of the ordinary. No customers have reported any data breaches to us. We will continue to monitor our infrastructure.

Sincerely,

Michael Berse

Managing Member, Lead Software Engineer at Capira Technologies, LLC.