British Library Pays A High Price To Recover From A Cyber Attack

The British Library, one of the world’s most renowned cultural institutions, will need to spend about 40 per cent of its financial reserves to recover from a crippling cyber attack.  This attack hit one of the UK’s critical research institutions and has made the majority of its services inaccessible. 

The London-based library holds nearly 170mn pieces of work ranging from books to sound recordings, was knocked offline in October 2023 after a serious ransomware attack.

Ordinarily, authors and other copyright holders receive annual payments from Public Lending Right fund,  which is money earned by writers, illustrators and translators each time a book is borrowed. But not this year, as a result of the sever disruption to the British Library's systems.

Hackers published hundreds of thousands of stolen files online, including customer and personnel data, after the library refused to pay a £600,000 ransom. According to reports, it now faces spending about £6 million to rebuild its digital services, consuming a sizeable proportion of its £16.4m in unallocated reserves.

The British Library’s online catalogue remains unavailable. Physical sites are open, but users must wait while librarians run through logs and find items on shelves. Some of the library’s services are scheduled to return in the middle of January, including a reference-only version of its online catalogue.

The British Library paid £250,000 to the cyber security provider NCC Group to provide an initial response to the attack, according to procurement records. 

A British Library spokesperson said: “The final costs of recovering from the recent cyber attack are still not confirmed... The library always maintains its own financial reserve to help address unexpected issues and no bids for additional funding have been made at this stage.”

Hacking group Rhysida claimed responsibility for the breach in November last year. It published some 573 gigabytes of the British Library’s data after selling 10 per cent of the files to anonymous bidders through its Dark Web page. 

Rhysida became known to US authorities in  2023 and has links with Russian-affiliated Vice Society

Museums in the US including the MFA Boston, the Rubin Museum of Art and the Crystal Bridges Museum of American Art have experienced outages after a cyber attack hit a third-party technology services supplier that assists museums with both internal and customer-facing management systems.

The British Library’s service could remain down for more than a year, and the attack highlights the risks of a single institution playing such a dominant role in delivering essential services. 

It remains unclear how long it will take before the institution, one of five legal deposit libraries in Britain entitled to a copy of each piece of published work in the UK, is fully operational.

@britishlibrary:    Standard:    Independent:    FT:    Apollo Magazine:    Shropshire Star:   

Breaking News:     Guardian:    Image: Pixabay

You Might Also Read: 

British University Data Breaches Are A Lesson For All:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Stronger Civilian Cyber Defences In Ukraine
Abduction & Extortion Goes Online »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Secure Forum

Cyber Secure Forum

The Cyber Secure Forum is a premier cybersecurity event dedicated to bringing together experts, and professionals to explore the latest trends, share knowledge, and discuss strategies.

Konfidas

Konfidas

Konfidas provide high-level cybersecurity consulting and professional tailored solutions to meet specific cybersecurity operational needs.

National Cyber Security Directorate (DNSC) - Romania

National Cyber Security Directorate (DNSC) - Romania

DNSC (formerly CERT-RO) is the Romanian national cyber security and incident response team.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Thinkst Applied Research

Thinkst Applied Research

Thinkst is an Applied Research company with a deep focus on information security.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

Vicarious

Vicarious

Vicarious identify the vulnerabilities in the software without involving the vendor and protect it before the hackers take advantage of it, even in compiled applications.

AlertSec

AlertSec

AlertSec Ensure is a U.S. patented technology that allows you to educate, verify and enforce encryption compliance of third-party devices.

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

Moro Hub

Moro Hub

Moro Hub, a subsidiary of Digital DEWA, is a UAE-based digital data hub focused on digital transformation and operational services.

Opus Security

Opus Security

Opus dramatically reduces cloud security risks by enabling teams to define, orchestrate, automate and measure remediation processes across the entire distributed organization.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.