British Library Hit by Data Breach, Potentially Causing Months of Disruption

Hackers said 90% of the data taken had been leaked.

The British Library has told its customers that their personal information may have been taken during a recent ransomware attack, which has left the library's systems and website inaccessible for the last month.

In a message to customers this week, seen by TechCrunch, the British Library said that the hack, for which the Rhysida ransomware group has now taken credit, gained access to its customer relationship management (CRM) systems.

"At a minimum, these databases contain the name and email address of most of our users. For users of some of our services, these databases may also contain a postal address or telephone number," the disclosure notice states.

Lishani Ramanayake, a representative at the British Library, refused to disclose an estimate of the number of affected customers.

British Library Investigates Cyber Attack As Stolen Data Goes Up For Auction
A general view of the exterior signage at The British Library on November 23, 2023 in London, England. Rhysida, a ransomware group, has claimed responsibility for the October 31 cyber attack, leading to the leakage of employee data, including passport photos and HMRC employment records. Leon Neal / Getty Images

Clients' Sensitive Data Stolen by Hackers

On its dark web leak site, the Rhysida gang claims that 90% of the information stolen from the British Library has been made public. The listing said that there are more than 490,000 files, with a total size of 573 gigabytes, a figure the British Library did not dispute.

Dark web leak sites are often used by ransomware organizations to force victims into paying a ransom for data.

Approximately $740,000 worth of cryptocurrency was the asking price when the Rhysida gang first listed the data for sale. The publicly accessible data includes sensitive employee information (such as pay details and passport scans), as well as internal documents (such as training records and invoices).

Data Breach That Started in October

In an earlier update last week, the British Library confirmed that data which appears to come from the library's internal human resources files had been leaked online. At that time, it said it had "no evidence" of a data breach involving its customers.

The British Library has now said that it outsources all payment processing to third-party suppliers, so users' financial information was not compromised in the hack.

"We are, therefore, confident that no credit or debit card data was on the affected network, and that any card details you may have used to make purchases with us," the library stated.

The incident, which began in October, has affected the British Library's website, online systems, and some on-site services, including access to collection objects. As a result of the breach, the British Library is suffering a "major technology outage," it said in a post on X (formerly Twitter).

While the library hopes to restore additional services in the coming weeks, it has already announced that certain services will be unavailable for at least "several months."
