British Library employee data on sale after cyber-attack

The British Library confirmed last week that the personal data of some of its employees has appeared on sale on the dark web after being stolen in a cyber-attack on 31 October that resulted in a major technology outage.

The data includes employee contracts and passport information apparently taken from internal HR files and is on sale for 20 Bitcoin (approximately £600,000) until 27 November.

The library has advised users of their services to change the passwords to their accounts as a precaution. As access to the organisation’s website remains unavailable, the library is now providing updates on the incident via blog posts.

‘Having confirmed that this was a ransomware attack, we’re aware that some data has been leaked’, the library posted on 24 November. ‘We’ve taken targeted protective measures to ensure the integrity of our systems, and we’re continuing to investigate the attack with the support of [the National Cyber Security Centre], the Metropolitan Police, and cybersecurity specialists.’

The same post also announced that while some services, such as on-site Wi-Fi, are gradually returning, the suspension of certain key services is ‘expected to persist for several months’. Affected services include collecting items ordered after 29 November, normal reader registration, and ordering certain items.

Ransomware gang Rhysida has claimed responsibility for the attack. The group, first made known in May this year, has targeted various public institutions around the world. On 16 May, they attacked the Caribbean island of Martinique, disrupting education and financial services among the local community. In the following months, government institutions in Portugal, Chile, Kuwait, and the Dominican Republic reported cyber-attacks from the gang. In a particularly devastating attack in August this year, Rhysida also stole over a terabyte of data, including 500,000 Social Security numbers, from US-based physician association Prospect Medical Holdings.

In an analysis, BBC Cyber Correspondent Joe Tidy suggested that the British Library are ‘highly unlikely’ to ‘cave to the cybercriminals’ demands’ and pay the ransom fee requested, as the money funds such gangs.

‘It’s a troubling time for the employees who may be more at risk of identity fraud, but it also could have been much worse,’ he added.

Regardless, the attack on the British Library has raised concerns about the security of public-sector IT infrastructure, with cyber intelligence experts suggesting that the UK government needs to spend more public funds on protecting critical IT infrastructure.

‘Despite whatever the government has spent on cyber resilience, those [...] parts of government are just much less mature,’ commented Jamie MacColl, a research fellow at the Royal United Services Institute.