Employee data leaked during British Library cyber attack

21 November 2023, 11:04

The British Library
London, British Library. Picture: PA

A ransomware group has said it is auctioning off access to the data files.

A cyber attack targeting the British Library has led to a leak of employee data, the institution said.

The Rhysida ransomware group has claimed it has access to passports along with other data files.

The group said it has started bidding in an auction for access at 20 bitcoin (around £600,000) on an online site.

The British Library, which has one of the largest book collections in the world, previously reported that a “major technology outage” had hit online services, public wifi at the site and its website.

It said in October that the National Cyber Security Centre (NCSC) and cybersecurity specialists were investigating.

On Tuesday, an NCSC spokesperson said: “We are working with the British Library to fully understand the impact of an incident.

“Ransomware is the key cyber threat facing the UK, and all organisations should take immediate steps to limit risk by following our advice on how to put in place robust defences to protect their networks.”

The British Library, near St Pancras railway station, remains open and visitors can access the reading rooms for personal study.

On Monday, the library posted a statement to X confirming internal HR files had been leaked.

It said: “We’re continuing to experience a major technology outage as a result of a cyber-attack, affecting our website, online systems and services, and some onsite services too.

“We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.

“Following confirmation last week that this was a ransomware attack, we’re aware that some data has been leaked. This appears to be from our internal HR files.

“We have no evidence that data of our users has been compromised.”

The Information Commissioner’s Office (ICO), the UK’s data protection watchdog, has confirmed it is looking into the breach.

An ICO spokesperson said: “The British Library reported an incident to us and we are making inquiries.”

Last week, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Centre (MS-ISAC) warned about Rhysida.

In a joint statement they said the group has launched attacks “against the education, healthcare, manufacturing, information technology, and government sectors since May 2023”.

By Press Association

More Technology News

See more More Technology News

EA Sports sign

Games developer Electronic Arts to cut 5% of workforce

This super speedy acceleration makes "not an especially nice noise", with the journalist saying it is "bowel loosening".

Jeremy Clarkson brands supercars 'too difficult' after driving new £308k vehicle

A Google building

Inaccurate images generated by AI chatbot were ‘unacceptable’, says Google boss

An Apple store

Apple shuts down electric car project – reports

Sage sign

AI will ‘change nature’ of accounting, says Sage boss

A child using a laptop computer (PA)

More guidance needed on AI in schools, report says

Most influential Scots on TikTok

Gen Z ushering in ‘post-truth media age’, says former No 10 communications chief

UK mobile phone networks stock

Vodafone completes 3G network switch off

Sony PlayStation 5

Sony to close London studio as part of 900 PlayStation job cuts

James Cleverly visit to US

Use of AI for medical diagnoses and police work discussed by Home Secretary

A wallet containing cash and cards

80% of 85 to 95-year-olds now pay with contactless, says Barclays

Woman using a laptop computer

More small digital firms making £100,000-plus across the UK, data shows

James Cleverly

Deepfakes provide ‘perfect storm’ for hijackers in general election – Cleverly

Jack Ritchie inquest

Online slot games ‘highly addictive’ despite new limits, say bereaved parents

The Spotify app is shown in an Apple iPad mini

Apple hits out at Spotify over ongoing EU competition complaint

Serco signage

Serco Leisure ordered to stop using facial recognition tech on workers