The British Library has told customers that their personal data may have been stolen during a recent ransomware attack that has kept the library’s systems and website offline for the past month.
In a notice sent to customers this week, which TechCrunch has seen, the British Library said its customer relationship management (CRM) databases were accessed during the cyberattack, for which the Rhysida ransomware gang has since claimed responsibility.
“At a minimum, these databases contain the name and email address of the majority of our users,” the disclosure notice says. “For users of some of our services, these databases may also contain a postal address or telephone number.”
It is not known how many customers are affected, and British Library spokesperson Lishani Ramanayake declined to say when asked by TechCrunch.
In a listing on their dark web leak site, the Rhysida gang claims to have published 90% of the data they stole from the British Library. According to the listing, seen by TechCrunch, this includes more than 490,000 files, totaling 573 gigabytes, which the British Library did not dispute when asked. Ransomware gangs often post files on their dark web leak sites to extort victims into paying a ransom.
The Rhysida gang previously put the data up for sale for around $740,000 in cryptocurrency at the time of publication.
TechCrunch has reviewed parts of the published data, including various internal documents, such as training information and invoices, and confidential employee information, such as salary details and passport scans.
In a previous update published last week, the British Library confirmed that some internal data had been leaked online, which “appears to come from our internal HR files”. At the time, the organization said it had “no evidence” that customer data was compromised.
The British Library said in its most recent disclosure that customer payment information is not included in the breach as all payment processing is outsourced to third-party payment providers.
“Therefore, we are confident that there was no credit or debit card data on the affected network, and that any card data you may have used to make purchases with us,” the library said.
The British Library’s systems were first compromised in October and the incident continues to impact the library’s website, online systems and some on-site services, including access to collection items. Its website currently displays a message stating that the British Library is experiencing a “major technological disruption” due to the cyber incident.
The library says that while it “anticipates restoring more services in the coming weeks,” the disruption to certain services is now expected to “persist for several months.”
Do you have more information about the cyberattack on the British Library? You can contact Carly Page securely on Signal at +441536 853968 or by email. You can also contact TechCrunch via SecureDrop.