The British Library, the national library of the UK, revealed in October 2023 that it was facing disruptions to its services due to an IT outage. It was later discovered that the library had fallen victim to a ransomware attack, resulting in the theft and leakage of its data by cyber criminals. While the British Library is slowly restoring its services, progress is hindered by an ongoing forensic investigation. This guide provides an overview of the cyber attack, the current situation, and potential future developments.
The British Library is a renowned institution housing over 170 million items, including books, journals, maps, newspapers, scripts, and more. It is also a legal deposit library, meaning it receives copies of all books published in the UK and the Republic of Ireland. Additionally, it offers various resources for learning, research, and support services. The library’s main site is located in London, with another facility in Yorkshire.
The cyber attack on the British Library was initially disclosed on October 29, 2023, and later confirmed to be a ransomware attack. The Rhysida ransomware gang claimed responsibility for the attack and leaked internal documents, including employee information, on the dark web. Subsequently, the gang auctioned off stolen data but failed to find a buyer and ultimately leaked a significant portion of the data. The leaked information includes personal details of visitors and readers but does not contain financial data.
Rhysida is a cyber criminal gang that operates as a ransomware-as-a-service (RaaS) group, selling access to its ransomware to affiliates. They primarily target various sectors, including education, government, healthcare, IT, and manufacturing. The gang exploits vulnerabilities in remote services and often uses stolen credentials to gain unauthorized access.
The British Library’s computer systems, website, phone network, and public wireless network were all affected by the cyber attack. This disruption prevented users from accessing the library’s collection, although limited availability is now offered. Onsite services, such as access to the digital collection and online Reading Rooms, remain unavailable. Additionally, the inter-library loan service, which assists libraries in obtaining books, is suspended.
Those affected by the cyber attack have been contacted by the British Library via email, and further communication will be provided if additional data is compromised. Users are advised to change their passwords if they have used the same one for other services. The National Cyber Security Centre (NCSC) offers guidance on staying safe online and provides support for individuals affected by data breaches.
An investigation into the cyber attack is underway, but details may not be disclosed for some time. The British Library faces potential regulatory penalties if fault is established. The recovery process is expected to continue until at least autumn 2024, with collaboration among law enforcement, cyber forensics teams, and the NCSC. The estimated cost of recovery is approximately £7 million.
The British Library expressed gratitude for the support and patience of its users during this challenging period. The institution aims to restore more services in the coming months and remains committed to its mission of providing access to knowledge and fostering openness and empowerment.
