The British Library has confirmed that personal data stolen in a cyber-attack has appeared online, apparently for sale to the highest bidder.
The attack was carried out in October by a group known for such criminal activity, said the UK’s national library, which holds about 14m books and millions of other items.
This week, Rhysida, a known ransomware group, claimed it was responsible for the attack. It posted low-resolution images of personal information online, offering stolen data for sale with a starting bid of 20 bitcoins (about £596,000).
Rhysida said the data was “exclusive, unique and impressive” and that it would be sold to a single buyer. It set a deadline for bids of 27 November.
The images appear to show employment contracts and passport information.
The library said it was “aware that some data has been leaked, which appears to be from files relating to our internal HR information”. It did not confirm that Rhysida was responsible for the attack, nor that the data offered for sale was information on personnel.
Academics and researchers who use the library have been told that disruption to the institution’s services after the serious ransomware attack was likely to continue for months.
This week, the library advised its users to change any logins also used on other sites as a precaution. It added: “We have taken targeted protective measures to ensure the integrity of our systems, and we continue to undertake an investigation with the support of the National Cyber Security Centre (NCSC), the Metropolitan police and cybersecurity specialists. As this investigation remains ongoing, we cannot provide further details at this time.”
The attack took place on 31 October. Since then, the library’s website has been shut down, with updates posted on X and emailed to members.
The library said: “The outage is affecting our website, online systems and services, as well as some onsite services including our reading rooms and public wifi. We anticipate restoring many services in the next few weeks but some disruption may persist for longer.”
Its sites in London and Yorkshire were open to the public as normal, it added.
Earlier this month, the FBI and the US Cybersecurity and Infrastructure Security Agency warned of the threat posed by Rhysida.
A joint statement said: “Threat actors leveraging Rhysida ransomware are known to impact ‘targets of opportunity’, including victims in the education, healthcare, manufacturing, information technology, and government sectors.”
The group is behind recent attacks on the Chilean army, the Portuguese city of Gondomar and the University of the West of Scotland.
An NCSC spokesperson said: “We are working with the British Library to fully understand the impact of an incident. Ransomware is the key cyber threat facing the UK, and all organisations should take immediate steps to limit risk by following our advice on how to put in place robust defences to protect their networks.”
Roly Keating, the chief executive of the British Library, said: “We are immensely grateful to our many users and partners who have shown such patience and support as we work to analyse the impact of this criminal attack and identify what we need to do to restore our online systems in a safe and sustainable manner.”
