British Library Pays A High Price To Recover From A Cyber Attack

The British Library, one of the world’s most renowned cultural institutions, will need to spend about 40 per cent of its financial reserves to recover from a crippling cyber attack.  This attack hit one of the UK’s critical research institutions and has made the majority of its services inaccessible. 

The London-based library holds nearly 170mn pieces of work ranging from books to sound recordings, was knocked offline in October 2023 after a serious ransomware attack.

Ordinarily, authors and other copyright holders receive annual payments from Public Lending Right fund,  which is money earned by writers, illustrators and translators each time a book is borrowed. But not this year, as a result of the sever disruption to the British Library's systems.

Hackers published hundreds of thousands of stolen files online, including customer and personnel data, after the library refused to pay a £600,000 ransom. According to reports, it now faces spending about £6 million to rebuild its digital services, consuming a sizeable proportion of its £16.4m in unallocated reserves.

The British Library’s online catalogue remains unavailable. Physical sites are open, but users must wait while librarians run through logs and find items on shelves. Some of the library’s services are scheduled to return in the middle of January, including a reference-only version of its online catalogue.

The British Library paid £250,000 to the cyber security provider NCC Group to provide an initial response to the attack, according to procurement records. 

A British Library spokesperson said: “The final costs of recovering from the recent cyber attack are still not confirmed... The library always maintains its own financial reserve to help address unexpected issues and no bids for additional funding have been made at this stage.”

Hacking group Rhysida claimed responsibility for the breach in November last year. It published some 573 gigabytes of the British Library’s data after selling 10 per cent of the files to anonymous bidders through its Dark Web page. 

Rhysida became known to US authorities in  2023 and has links with Russian-affiliated Vice Society

Museums in the US including the MFA Boston, the Rubin Museum of Art and the Crystal Bridges Museum of American Art have experienced outages after a cyber attack hit a third-party technology services supplier that assists museums with both internal and customer-facing management systems.

The British Library’s service could remain down for more than a year, and the attack highlights the risks of a single institution playing such a dominant role in delivering essential services. 

It remains unclear how long it will take before the institution, one of five legal deposit libraries in Britain entitled to a copy of each piece of published work in the UK, is fully operational.

@britishlibrary:    Standard:    Independent:    FT:    Apollo Magazine:    Shropshire Star:   

Breaking News:     Guardian:    Image: Pixabay

You Might Also Read: 

British University Data Breaches Are A Lesson For All:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Stronger Civilian Cyber Defences In Ukraine
Abduction & Extortion Goes Online »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

Fluency Security

Fluency Security

Fluency is the only Security Analytics & Orchestration (SAO) solution that automates correlation, detection, validation and ongoing tracking.

NetLib Security

NetLib Security

NetLib Security’s powerful, patented data security platform helps companies control data loss prevention (DLP) by managing what data can be transferred outside of their network.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

ANIS

ANIS

ANIS represents the interests of Romanian IT companies and supports the development of the software and services industry.

Neurosoft

Neurosoft

Neursoft is a fully integrated ICT company with Software Development, System Integration and Information Technology Security capabilities.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

IntelliDyne

IntelliDyne

IntelliDyne is a leading information technology consulting firm enabling better mission performance through innovative technology solutions.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

Dutch Research Council (NWO)

Dutch Research Council (NWO)

The Dutch Research Council (NWO) is one of the most important science-funding bodies in the Netherlands and ensures quality and innovation in science.

Sev1Tech

Sev1Tech

Sev1Tech is a leading provider of IT modernization, cloud, cybersecurity, engineering, fielding, training, and program support services.

eGyanamTech (EGT)

eGyanamTech (EGT)

eGyanamTech provides robust security solutions tailored for Operational Technology (OT) and Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure systems.