Here at Capira, we have been receiving a lot of questions about recent library patron data breaches from customers and business connections, so we wanted to clarify some information.
Customers of an ILS vendor were notified recently with a message indicating that some libraries had a patron data breach through a vulnerability in a “third party mobile application”. Capira Technologies IS NOT the third-party application vendor they mention. I reached out to the ILS vendor security team for more information so that we can determine how the breach occurred with the other vendor to help ensure we aren't vulnerable in a similar manner.
While no system is 100% secure, we take great steps to ensure that access to our systems and customers is protected.
- Direct access to our cloud server infrastructure is limited both by IP access and use of a private key file. Only two people on staff have this private key, one of whom is myself.
- All other access to our cloud server infrastructure other than HTTP/HTTPS is restricted by IP address.
- We force SSL connections for services we provide such as CapiraMobile and MuseumKey.
- Access requests to customer ILS functions (REST APIs, etc.) are performed using SSL where available.
- While not all third-party customer services support SSL connections, we make a point to request SSL endpoints of services for use, including for external services like Event Calendars, Room Booking, Library Guides, and more.
- We use Intrusion Detection software on our cloud servers to monitor for abnormal traffic into our systems and out to customer integrated library systems.
- We perform security updates for software and operating systems on a 30-day basis, excluding critical security fixes, which are applied immediately when available.
We've taken a precautionary measure over the past few weeks and inspected our virtual servers' access logs and network traffic reports for anything out of the ordinary. No customers have reported any data breaches to us. We will continue to monitor our infrastructure.
Managing Member, Lead Software Engineer at Capira Technologies, LLC.