The British Library has told customers that their personal data may have been stolen during a recent ransomware attack that took the library’s systems and website offline over the past month.
In a notice sent to customers this week, seen by TechCrunch, the British Library said its customer relationship management (CRM) databases were accessed during the cyberattack, for which the Rhysida Ransomware gang has since claimed responsibility.
“At least these databases contain the name and email address of most of our users,” the disclosure notice said. “For users of some of our services, these databases may also contain a mailing address or phone number.”
It is not known how many customers are affected, and British Library spokesperson Lishani Ramanayake declined to say when asked by TechCrunch.
In a listing on its dark web leak site, the Rhysida gang claims to have published 90% of the data it stole from the British Library. According to the list, seen by TechCrunch, this includes more than 490,000 files, totaling 573GB, which the British Library did not object to when it requested it. Ransomware gangs usually post files on their dark web leak sites to blackmail victims into paying ransom.
The Rhysida gang had previously put the data up for sale for about $740,000 worth of cryptocurrency at press time.
TechCrunch reviewed portions of the published data, including various internal documents, such as training and billing information, and sensitive employee information, such as payroll details and passport scans.
In a previous update published last week, the British Library confirmed that some internal data had been leaked online, which “appears to be from our internal HR files”. At the time, the organization said it had “no evidence” that customer data had been compromised.
The British Library said in its latest disclosure that customers’ payment information was not included in the leak, as all payment processes are outsourced to external payment service providers.
“We are therefore confident that no credit or debit card data exists on the affected network, and that any card details you may have used to make purchases with us,” the library said.
The British Library’s systems were first compromised in October, and the incident continues to affect the library’s website, online systems, and some on-site services, including access to collection items. Its website currently displays a message stating that the British Library is experiencing a “major technology outage” due to the cyber incident.
The library says that while it “expects more services will be restored in the next few weeks,” some service outages are now expected to last “several months.”
Do you have more information about the cyber attack on the British Library? You can contact Carly Page securely on Signal on +441536 853968 or via e-mail. You can also contact TechCrunch via SecureDrop.