The British Library has fallen victim to a serious cyber attack, with the thieves now threatening to auction off ‘exclusive, unique and impressive’ data that was stolen.

Rhysida ransomware group claimed responsibility for the attack and have teased some of the data which is up for sale – thought to be a handful of passport scans and HMRC employment documents, among other things, reports tech outlet The Register.

Despite the attack occurring almost three weeks ago, the British Library confirmed today (November 20) that it is still experiencing a “major technology outage” affecting its “website, online systems and services”, as well as some of its “onsite services” too.

While some issues have since been fixed, much is still affected – a major issue for the thousands of students or other people who want to borrow digitised versions of books and documents.

Meanwhile, Rhysida have announced that just one party will win the auction for all of the data. The starting bid has been set at 20 bitcoin, approximately £600,000, with the deadline in a week’s time on 27 November.

Writing on their website, they said: “With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data”.

The attack had a major impact on the Library, which is one of the biggest in the world. Users had to pay in cash while electronic payments were down, the WiFi was not working and order collection facilities were also limited.

The British Library has confirmed that “some data has been leaked” which “appears to be from our internal HR files”.

The post on X continued “we have no evidence that data of our users has been compromised,” although they recommended British Library users to change their password as a “precautionary measure” if it is used elsewhere.

They added that they “anticipate restoring many services in the next few weeks, but some disruption may persist for longer”, while also confirming they are working with the Met Police, National Cyber Security Centre, and “cybersecurity specialists” to investigate the attack.

Leave a Reply

Your email address will not be published. Required fields are marked *