The British Library cyber attack claimed by an elusive ransomware gang leaked employees’ personal data, the state-run institution has confirmed.
On October 28, the library said it was experiencing technical issues that affected its website, Wi-Fi, and limited access to collections.
“The outage is affecting our website, online systems and services, as well as some onsite services including our reading rooms and public Wi-Fi,” said the library.
Readers could still physically access the facilities at St Pancras, but the library accepted only cash transactions.
The British Library is one of the largest libraries in the UK and the world, with over 170 million items, including electronic and printed books, periodicals, and rare manuscripts.
Rhysida ransomware gang claims British Library cyber attack
On November 14, the library confirmed that the persistent technological problems resulted from a cyber attack.
“We’re continuing to experience a major technology outage as a result of a cyber-attack, affecting our website, online systems and services, and some onsite services too,” the library posted on X (formerly Twitter).
On November 20, the Rhysida ransomware gang claimed responsibility for the British Library cyber attack and said it had exfiltrated personal data. The group offered the stolen data for sale to a single buyer for 20 bitcoins, valued at approximately $750,000.
“With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data,” said Rhysida ransomware.
The group also published samples of the stolen personal data, which seemingly included employee documents and passport scans.
According to the FBI and CISA, the Rhysida ransomware group indiscriminately compromises targets of opportunity, including education, healthcare, manufacturing, information technology, and government sectors. The group gains access through unsecured remote access services such as VPNs without MFA, unpatched software vulnerabilities such as Zerologon (CVE-2020-1472), and phishing.
Rhysida was responsible for the Prospect Medical Holdings cyber attack that disrupted 16 hospitals. Other victims include the Chilean army, the University of West of Scotland, Kuwait, Martinique, and the Portuguese city of Gondomar.
The British Library confirms personal data leak
The British Library confirmed that the cyber attack leaked personal data, although it is unclear if the institution can independently verify what was accessed.
“Following confirmation last week that this was a ransomware attack, we’re aware that some data has been leaked. This appears to be from our internal HR files,” said the library.
While the British Library had no evidence that wider user data was compromised, it advised its users to protect themselves from potential attacks by changing their online passwords.
“We have no evidence that wider user data has been compromised. However, we are recommending as a precautionary measure that if users have a password for British Library services that they also use elsewhere, they should change it,” noted the library.
Meanwhile, the UK privacy watchdog, the Information Commissioner’s Office (ICO), has confirmed it is aware of the incident and will make inquiries.
The library also indicated that it was continuing to investigate the attack with the support of the UK’s law enforcement agencies.
So far, the British Library has not disclosed the threat actor’s identity, how they infiltrated the network, or whether ransom negotiations were underway, though negotiations seem unlikely.
Brace for persistent disruptions, the British Library warns
With service disruption approaching the fourth week, the British Library has no fixed timeline for restoring the affected systems and anticipates that the outages will last longer.
“We anticipate restoring many services in the next few weeks but some disruption may persist for longer,” the British Library warned.
The British Library cyber attack coincided with a ransomware incident at Canada’s Toronto Public Library that leaked a “large number of files,” impacting current and former employees. However, the Toronto Public Library refused to pay the ransom and warned victims that attackers could publish the stolen personal data on the dark web.