Harriet Sherwood 

‘A 22-carat disaster’: what next for British Library staff and users after data theft?

Progress made on restoring access after cyber-attack but there have been complaints of poor communication
  
  

The British Library. Rhysida, a known ransomware group, has claimed responsibility for the cyber-attack. Photograph: Chris Howarth/UK/Alamy

It holds items dating from 1300BC to the present day, ranging from early manuscript copies of Homer’s Iliad to handwritten lyrics of Beatles songs including The Fool on the Hill and Yesterday.

Scholars, researchers, authors and students all use its facilities and archives, housed in a monolithic building in King’s Cross in central London and a second reading room in Boston Spa, Yorkshire.

But for the past 11 weeks, the British Library has been crippled by a major cyber-attack that shut down most of its services. Personal data of staff and “readers”, as its regular users are known, was stolen by the hackers and offered for sale on the dark web.

Readers have been subjected to difficulties and delays as staff have been forced to locate books, manuscripts and other items manually. Items held at the Boston Spa site – about a quarter of its collection – cannot be delivered to London.

About 20,000 published authors who get 13p (up to an annual maximum of £6,600) each time their books are borrowed from libraries under a system managed by the British Library will have their payments delayed as a result of the attack.

The library has suspended a visiting fellowship programme for 2024 and 2025 that supports academics, authors, educators, journalists and researchers from all over the world, with awards of up to £3,000 to spend two to three weeks exploring its collections.

It has, according to Sir Roly Keating, the library’s chief executive, been a “sobering couple of months”.

It is also a financial calamity: the Financial Times estimates that the attack will cost the library up to £7m, which will be drawn from its £16.4m unallocated reserves. Keating said the library was “yet to confirm what the full costs will be”.

The first indication that something was amiss came in late October. In a post on X, the British Library said it was experiencing “technical difficulties” and that its public wifi was down. It expected the problems to “continue for the next few days”.

Two days later, on 31 October, the British Library revealed it had been the victim of a cyber-attack, although the enormity of the hack was not made public. But the library did disclose that its investigation was being supported by the National Cyber Security Centre (NCSC) and other cybersecurity specialists.

The hackers reportedly demanded a ransom payment of £600,000, which the library declined to pay.

In late November, the library confirmed that personal data had been stolen in the attack and had appeared online, apparently for sale to the highest bidder.

Rhysida, a known ransomware group, claimed it was responsible. The group has struck sectors including education, government, healthcare, IT and manufacturing, and was behind recent attacks on the Chilean army, the Portuguese city of Gondomar and the University of the West of Scotland.

Rhysida said it was in possession of “exclusive, unique and impressive” data, posting online low-resolution images of personal information. The data included the personal information of readers and visitors, including their names and email addresses, and in some cases postal addresses and telephone numbers.

The library said it had taken “targeted protective measures” and advised readers to change any logins also used on other sites. It did not offer any further details.

One former staff member told the Guardian that the library had not responded to emails they had sent asking whether their personal data, including passport details, had been compromised.

“It’s quite frustrating – if someone has stolen your data, it’s quite helpful to know,” they said. “I don’t know how bad the problem is, and I feel they’re not being open and honest.”

A reader, who said the cyber-attack on a “magnificent public resource” was a “22-carat disaster”, also complained about inadequate communications. “They’re putting stuff on X or on their website, which means you have to go and look for information rather than it being sent to us,” he said.

The library has been less than forthcoming with journalists asking questions or for interviews about the cyber-attack, merely referring them to information on the library’s website and citing an “ongoing investigation” as the reason.

 
