Data confirmed stolen from British Library during ransomware attack
The British Library, which serves as the United Kingdom's national library and stands as one of the world’s biggest libraries, has verified that an attack from ransomware resulted in the theft of internal data.
The British Library, one of the world's preeminent libraries, has confirmed a ransomware attack that resulted in the theft of internal data. Initially reported as a cybersecurity incident causing widespread outages in late October, the Library has now acknowledged the incident as a ransomware attack perpetrated by a known criminal group. This attack led to a significant technology disruption, affecting their website, online systems, and various on-site services.
Two weeks into the outage, the British Library revealed that some of its internal data, believed to be from HR files, was leaked online. The situation escalated when the Rhysida ransomware gang, which recently received an advisory warning from CISA and the FBI, listed the British Library on their dark web leak site. The gang, demanding over $740,000 in Bitcoin, has threatened to publish more stolen data.
Samples of the compromised data include employment documents and passport scans, though the extent and type of all stolen data remain unclear. The Rhysida gang, which shares operational similarities with the Vice Society ransomware group, became active around the time Vice Society ceased posting new victims.
The British Library, in its latest update, stated that while there is no evidence of customer data compromise, they recommend users change their passwords as a precaution, especially if the same passwords are used across multiple services. The Library has yet to confirm how the breach occurred, the full scope of the stolen data, or whether they have received a ransom demand from the hackers.
Currently, it's unclear if the British Library has the means to ascertain whether customer data was also taken. Their communication capabilities, including email, appear to be affected, as their website remains offline. The Library anticipates that recovering from this ransomware attack could take several weeks or longer.
In the meantime, the British Library has implemented protective measures to secure its systems and is working with the National Cyber Security Centre, the Metropolitan Police, and cybersecurity specialists to investigate and manage the attack.