The British Library has informed customers that their personal data may have been compromised during a recent ransomware attack, causing the library’s systems and website to be offline for the past month.
A notice sent to customers this week, seen by TechCrunch, revealed that the British Library’s customer relation management (CRM) databases were accessed during the cyberattack, which the Rhysida ransomware gang has since claimed responsibility for.
The disclosure notice stated, “At a minimum, these databases contain the name and email address of most of our users. For users of some of our services, these databases may also contain a postal address or telephone number.”
The number of affected customers is currently unknown, and British Library spokesperson Lishani Ramanayake declined to provide further details when asked by TechCrunch.
The Rhysida gang claims to have published 90% of the stolen data from the British Library on its dark web leak site. This includes over 490,000 files, totaling 573 gigabytes, which the British Library did not dispute when asked. Ransomware gangs often publish files on their dark web leak sites to extort victims into paying a ransom.
Previously, the Rhysida gang had offered the data for sale for approximately $740,000 worth of cryptocurrency at the time of publication.
TechCrunch has examined portions of the published data, which include various internal documents, such as training information and invoices, as well as sensitive employee information like salary details and scans of passports.
In an earlier update, the British Library confirmed that some internal data had leaked online, which “appears to be from our internal HR files.” However, at the time, there was no evidence that customer data was compromised.
The recent disclosure states that customers’ payment information is not part of the leak, as all payment processing is outsourced to third-party providers. The library indicated its confidence that no credit or debit card data was on the affected network.
The British Library’s systems were initially compromised in October, and the incident continues to impact the library’s website, online systems, and some on-site services, including access to collection items. The library anticipates restoring more services in the next few weeks, but disruption to certain services is expected to persist for several months.
Do you have more information about the British Library cyberattack? You can contact Carly Page securely on Signal at +441536 853968 or by email. You can also contact TechCrunch via SecureDrop.