Employee data leaked during British Library cyber attack

A ransomware group has said it is auctioning off access to the data files.

Charlotte McLaughlin
Tuesday 21 November 2023 05:55 EST
The British Library said it is investigating the outage with cybersecurity specialists (Alamy/PA)
The British Library said it is investigating the outage with cybersecurity specialists (Alamy/PA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A cyber attack targeting the British Library has led to a leak of employee data, the institution said.

The Rhysida ransomware group has claimed it has access to passports along with other data files.

The group said it has started bidding in an auction for access at 20 bitcoin (around £600,000) on an online site.

The British Library, which has one of the largest book collections in the world, previously reported that a “major technology outage” had hit online services, public wifi at the site and its website.

Ransomware is the key cyber threat facing the UK, and all organisations should take immediate steps to limit risk by following our advice on how to put in place robust defences to protect their networks

National Cyber Security Centre spokesperson

It said in October that the National Cyber Security Centre (NCSC) and cybersecurity specialists were investigating.

On Tuesday, an NCSC spokesperson said: “We are working with the British Library to fully understand the impact of an incident.

Ransomware is the key cyber threat facing the UK, and all organisations should take immediate steps to limit risk by following our advice on how to put in place robust defences to protect their networks.”

The British Library, near St Pancras railway station, remains open and visitors can access the reading rooms for personal study.

On Monday, the library posted a statement to X confirming internal HR files had been leaked.

It said: “We’re continuing to experience a major technology outage as a result of a cyber-attack, affecting our website, online systems and services, and some onsite services too.

“We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.

“Following confirmation last week that this was a ransomware attack, we’re aware that some data has been leaked. This appears to be from our internal HR files.

“We have no evidence that data of our users has been compromised.”

The Information Commissioner’s Office (ICO), the UK’s data protection watchdog, has confirmed it is looking into the breach.

An ICO spokesperson said: “The British Library reported an incident to us and we are making inquiries.”

Last week, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Centre (MS-ISAC) warned about Rhysida.

In a joint statement they said the group has launched attacks “against the education, healthcare, manufacturing, information technology, and government sectors since May 2023”.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in