British Library: Employee data leaked in cyber attack


The British Library has confirmed that a cyber attack in October has led to a leak of employee data.

The attack, which took place on 31 October, has also resulted in the library’s website being down for nearly a month.

The Rhysida ransomware group claim to be behind the attack, and say they will auction off the stolen data.

The cyber gang say the price for the data, which includes passport scans, has been set at 20 Bitcoin (£596,459).

The British Library, the UK’s largest library, posted on X, saying: “Following confirmation last week that this was a ransomware attack, we’re aware that some data has been leaked. This appears to be from our internal HR files.”

However, it added that it has “no evidence that data of our users has been compromised”, and it has not confirmed that the data being sold at auction belongs to British Library employees.

A National Cyber Security Centre (NCSC) spokesperson said it was working with the library to “fully understand the impact” of the incident.

It added: “Ransomware is the key cyber threat facing the UK, and all organisations should take immediate steps to limit risk by following our advice on how to put in place robust defences to protect their networks.”

On Monday the Rhysida ransomware group said it was behind the attack and shared an image on its leak website on the dark web showing various documents, some of which appear to be HMRC employment contracts and passports.

The BBC has not verified whether the data is real.

The cyber criminals said an auction for “exclusive, unique and impressive data” would end just before 0800 GMT on 27 November, and that the data would be sold to one single-party winner.

On 15 November the FBI and the US Cybersecurity & Infrastructure Security Agency issued a warning about the threat posed by Rhysida.

In a joint statement, they said: “Threat actors leveraging Rhysida ransomware are known to impact ‘targets of opportunity’, including victims in the education, healthcare, manufacturing, information technology, and government sectors.”

The group are also behind recent attacks on the Chilean army, the Portuguese city of Gondomar and the University of the West of Scotland.

Joe Tidy, BBC Cyber Correspondent

These kinds of attacks are sadly extremely common, with ransomware gangs like Rhysida successfully stealing troves of data from companies and disrupting operations every day.

Advice from law enforcement agencies around the world is always to refuse to pay a ransom to these criminals as it fuels their industry, but sadly many victim organisations do, to cover it up or to return to normal as swiftly as possible.

As a public institution it is highly unlikely that the British Library will cave to the cyber criminals’ demands, so Rhysida are left with a mass of stolen data that they need to make money from as quickly as possible before moving on to the next victim.

The timer on their darknet leak website appears to be counting down to a time (in six days) when the stolen data will be either given away for free or deleted.

It’s a troubling time for the staff, who may be more prone to identity fraud, but it also could have been far worse had the hackers gained access to more sensitive or larger data sets housed by the British Library.


In a statement, the world-renowned library, which has one of the largest book collections in the world, says it “anticipates restoring many services in the next few weeks, but some disruption may persist for longer”. The attack has had an impact on the library’s website, online systems and services such as book ordering.

The statement added: “If you have a British Library login and your password is used elsewhere, we recommend changing it as a precautionary measure.

“We’ve taken focused protective measures to ensure the integrity of our systems, and we’re continuing to investigate the attack with the support of NCSC [National Cyber Security Centre], the Metropolitan Police and cybersecurity specialists.”