The Internet Crime Complaint Center, part of the Federal Bureau of Investigations in the United States, posted a warning about a potential attack on a particular sort of system. In private branch exchange ("PBX") settings, entities like offices or even dormitories can conserve the number of external telephone lines needed while allowing in-house station to station contact. For any libraries using the package Asterisk, there is a Caller ID spoofing vulnerability that may force an upgrade.
The holidays are a very stressful time of year and a great opportunity for criminals to do bad things. Keeping in mind patron privacy laws is one way to ensure the case the FBI notes won't be a problem. Patching software holes is another part of a holistic solution.