British Library Pays A High Price To Recover From A Cyber Attack

Uploaded on 2024-01-09 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers

The British Library, one of the world’s most renowned cultural institutions, will need to spend about 40 per cent of its financial reserves to recover from a crippling cyber attack.  This attack hit one of the UK’s critical research institutions and has made the majority of its services inaccessible. 

The London-based library holds nearly 170mn pieces of work ranging from books to sound recordings, was knocked offline in October 2023 after a serious ransomware attack.

Ordinarily, authors and other copyright holders receive annual payments from Public Lending Right fund,  which is money earned by writers, illustrators and translators each time a book is borrowed. But not this year, as a result of the sever disruption to the British Library's systems.

Hackers published hundreds of thousands of stolen files online, including customer and personnel data, after the library refused to pay a £600,000 ransom. According to reports, it now faces spending about £6 million to rebuild its digital services, consuming a sizeable proportion of its £16.4m in unallocated reserves.

The British Library’s online catalogue remains unavailable. Physical sites are open, but users must wait while librarians run through logs and find items on shelves. Some of the library’s services are scheduled to return in the middle of January, including a reference-only version of its online catalogue.

The British Library paid £250,000 to the cyber security provider NCC Group to provide an initial response to the attack, according to procurement records. 

A British Library spokesperson said: “The final costs of recovering from the recent cyber attack are still not confirmed... The library always maintains its own financial reserve to help address unexpected issues and no bids for additional funding have been made at this stage.”

Hacking group Rhysida claimed responsibility for the breach in November last year. It published some 573 gigabytes of the British Library’s data after selling 10 per cent of the files to anonymous bidders through its Dark Web page. 

Rhysida became known to US authorities in  2023 and has links with Russian-affiliated Vice Society

Museums in the US including the MFA Boston, the Rubin Museum of Art and the Crystal Bridges Museum of American Art have experienced outages after a cyber attack hit a third-party technology services supplier that assists museums with both internal and customer-facing management systems.

The British Library’s service could remain down for more than a year, and the attack highlights the risks of a single institution playing such a dominant role in delivering essential services. 

It remains unclear how long it will take before the institution, one of five legal deposit libraries in Britain entitled to a copy of each piece of published work in the UK, is fully operational.

@britishlibrary:    Standard:    Independent:    FT:    Apollo Magazine:    Shropshire Star:   

Breaking News:     Guardian:    Image: Pixabay

You Might Also Read: 

British University Data Breaches Are A Lesson For All:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Stronger Civilian Cyber Defences In Ukraine
Abduction & Extortion Goes Online »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

European Healthcare Fraud & Corruption Network (EHFCN)

European Healthcare Fraud & Corruption Network (EHFCN)

EHFCN is the only organisation dedicated to combating fraud, corruption and waste in the healthcare sector across Europe.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

Red Sky Alliance

Red Sky Alliance

Red Sky Alliance (Wapack Labs Corp) is a cyber threat intelligence firm that delivers proprietary intelligence data, analysis and in-depth strategic reporting.

US Army Cyber Command (ARCYBER)

US Army Cyber Command (ARCYBER)

US Army’s Cyber Command (ARCYBER) is engaged in the real-world cyberspace fight today, against near-peer adversaries, ISIS, and other global cyber threats.

VISO Cyber Security

VISO Cyber Security

VISO provide Cyber Security Consulting and CISO as a Service to companies who need to augment their leadership teams with information security expertise.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

Data Defenders

Data Defenders

Data Defenders provide information security technology solutions that empower consumers, businesses and governments with safe and secure IT and cybersecurity infrastructures.

Leostream

Leostream

Leostream's Remote Desktop Access Platform enables seamless work-from-anywhere flexibility while maintaining security and constant visibility of users.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

Securily

Securily

Securily offers the ultimate solution for small to medium-sized businesses, blending cutting-edge AI with expert human insight to deliver the world’s easiest and most effective pentesting experience.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.

Pontiro

Pontiro

At Pontiro, we are enabling a new era of data-sharing. Bridging the gap between protected data and valuable insights through the use of cutting edge Homomorphic Encryption.

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

NCIIPC's mission is to protect the Critical Information Infrastructure of India, from unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction.