The British Library, one of the largest libraries globally and the national library of the United Kingdom, has acknowledged that a ransomware attack resulted in the theft of internal data.
In late October, the British Library disclosed an unspecified cybersecurity incident that caused a “major technology outage” across its London and Yorkshire sites. This outage affected its website, phone lines, and on-site services. Two weeks later, the organization confirmed the disruption was due to a ransomware attack by a known criminal group. It was revealed that some internal data, specifically from their HR files, has been leaked online.
The confirmation followed the British Library’s appearance on the dark web leak site of the Rhysida ransomware gang. The gang claimed responsibility for the cyberattack and threatened to publish the stolen data unless a ransom was paid.
Although it was not specified what types of data were stolen, samples shared by the gang include employment documents and passport scans. The Rhysida ransomware gang, the subject of a recent CISA and FBI advisory, has been known to target various sectors including education, IT, and government.
According to Sophos researchers, there are overlaps between the Rhysida gang and the Vice Society ransomware gang, with Vice Society ceasing to post new victims around the time Rhysida started reporting victims.
Ransomware gangs often disband, rebrand, or create new malware variants to evade sanctions and law enforcement. The British Library has advised its customers to change their passwords as a precautionary measure, although they have no evidence that customer data was compromised.
The library has not disclosed the extent of the data breach, whether they have received any communication from the hackers, or the technical means to determine if customer data was taken. Recovery from the ransomware attack is expected to take several weeks, with the support of the National Cyber Security Centre, the Metropolitan Police, and cybersecurity specialists.