British Library's customers have been informed that in the course of a recent ransomware assault, which has rendered the library's systems and website inaccessible for the last month, it is possible that their personal information was taken.
The British Library informed its customers this week—a message that TechCrunch has seen—that the hack, for which the Rhysida ransomware group has now taken credit, gained access to its customer relation management (CRM) systems.
"At a minimum, these databases contain the name and email address of most of our users. For users of some of our services, these databases may also contain a postal address or telephone number," the disclosure notice states.
Lishani Ramanayake, a representative at the British Library, refuses to disclose the estimate of the number of impacted clients.
A general view of the exterior signage at The British Library on November 23, 2023, in London, England. Rhysida, a ransomware group, has claimed responsibility for the October 31 cyber attack, leading to the leakage of employee data, including passport photos and HMRC employment records.
Clients' Sensitive Data Stolen by Hackers
As stated on their dark web leak site, the Rhysida gang claims that 90% of the information that was stolen from the British Library has been made public. The listing said that there are more than 490,000 files, with a total size of 573 gigabytes, something that the British Library did not argue about.
Dark web leak sites are often used by ransomware organizations to force victims into paying a ransom for data.
Approximately $740,000 worth of cryptocurrency was the asking price when the Rhysida gang first listed the data for sale. The publicly accessible data includes sensitive employee information (such as pay details and passport scans), as well as internal documents (such as training records and invoices).
Also Read: Hackers Could Take Full Control of ownCloud's Servers Due to Security Vulnerability
Data Breach That Started in October
According to an earlier update provided last week, the British Library has verified that there was an internet breach of what appears to be from the library's internal human resources files. Back then, the company said it had "no evidence" of a data breach involving its customers.
The British Library has now come clean about the fact that it has outsourced all payment processing to third-party suppliers, thus users' financial information was not compromised in the hack.
"We are, therefore, confident that no credit or debit card data was on the affected network, and that any card details you may have used to make purchases with us," the library stated.
The incident, which began in October, has affected the British Library's website, online systems, and some on-site services, including access to collection objects. As a result of the cyber breach, the British Library is now suffering a "major technology outage," it said in a post on X (previously Twitter).
While the library hopes to restore additional services in the next weeks, it has already announced that certain services will be unavailable for at least "several months."
We’re continuing to experience a major technology outage as a result of a cyber-attack. This is affecting our website, online systems and services, as well as some onsite services.
— British Library (@britishlibrary) November 24, 2023
Our St Pancras and Boston Spa sites are open, and you can find details of the services available,… pic.twitter.com/GPFaZN9iZ4
Also Read: China Allegedly Harassing AmericaownCloud'sorld's Largest Disinformation Scheme
