British Library Confirms Breach Following Ransomware Attack

The British Library, the UK’s national library and one of the world’s largest, is currently grappling with a significant technology outage following a ransomware attack. This cyber incident, confirmed as an attack by the Rhysida ransomware gang, has leaked sensitive internal data, predominantly from the library's human resources files.

In late October, the British Library first announced the attack, which had initially caused substantial disruption across its digital and physical services. This included the library's website, online systems, and onsite services, like visitor WiFi and electronic payment systems. Weeks into the incident, the library is still facing considerable challenges in restoring full functionality to its services.

However, the situation escalated when the Rhysida ransomware gang claimed responsibility for the attack and posted internal data from the British Library’s network on the dark web. The gang, active since May 2023, is recognized for its attacks on education, IT, and healthcare sectors, and is linked with the prolific Vice Society ransomware group. Rhysida's modus operandi involves leveraging external-facing remote services like VPNs to infiltrate the internal networks of organizations.

The stolen data, comprising employment documents and passport scans, was listed on a dark web leak site along with a ransom demand for over $740,000 in Bitcoin.

As a precaution, the British Library has advised users to change their passwords, especially if they are used across multiple platforms. The library is working closely with the National Cyber Security Centre, the Metropolitan Police, and other cybersecurity specialists to investigate the attack and strengthen its systems against future threats.

Despite the disruptions, the library's buildings remain open, offering limited services such as access to reading rooms, manual collection item ordering in London, and temporary reader registration.