The Toronto Zoo has issued a final notification regarding a cybersecurity breach that compromised personal data from guests, members, employees, and donors.
The attack, first discovered in early January 2024, included the theft of transaction records dating back to 2000, with some data leaked on the dark web last year.
“It is currently not published, though this could change,” the zoo wrote in a statement.
Officials say the compromised information includes names, addresses, phone numbers, and email addresses linked to general admission and membership purchases. Additionally, guests who made credit card transactions between January 2022 and April 2023 had the last four digits of their credit card numbers and expiration dates exposed.
Soon after we first discovered a cyberattack on Zoo's systems in early 2024, we notified affected employees, former employees, volunteers and donors. We are taking a transparent approach in issuing this final notification. Learn about our findings ⬇️ https://t.co/y5Xhz7BfmL
— The Toronto Zoo (@TheTorontoZoo) February 28, 2025
“Phishing and online fraud is ever present today,” officials said.
“We encourage those affected and all our guests and members to be vigilant, and to carefully examine uninvited and suspicious communications and to regularly check financial account statements.”
The breach was also reported to Ontario’s Information and Privacy Commissioner, which has launched an investigation. The zoo says it has strengthened its cybersecurity in response, working with the City of Toronto’s Chief Information Security Office to enhance defences and improve security monitoring.
Zoo officials expressed gratitude for the patience and support of employees, volunteers, members, and visitors as they worked to address the incident.