The Toronto Public Library has confirmed that sensitive data may have been stolen in a ransomware attack that was responsible for temporarily bringing down its website and registration systems, as well as public computers and printers at physical TPL branches.

In a statement issued on Friday, representatives for the library system said that in partnership with the Toronto Police Service and third-party cybersecurity experts, they have determined the system was affected by a ransomware attack.

In the statement, library representatives said they have determined that sensitive data “may have been exposed” during the attack, although “further investigation is required to determine the extent of the exposure and individuals affected.”

In its most recent update on Tuesday, the library previously said that there was “no evidence” that the personal information of staff or customers had been compromised.

The library will continue to work with consultants to assess the scope of the data breach.

“We anticipate the investigation will take some time to complete,” says the statement. “We appreciate your patience and support. We will continue to be transparent, and provide further information as we learn more.”

It’s unclear when the library’s systems will become operational.