Cyber criminals demand £600,000 ransom for stolen British Library data

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

A group of hackers has claimed responsibility for a cyber attack that has crippled the British Library for the past few weeks.

Ransomeware gang, the Rhysida group has demanded 20 Bitcoin (roughly £602,500) for the return of the stolen data, which includes employee passport scans and financial information.

Sharing censored images of data they’ve acquired in the hack on the dark web, including passport photos and HMRC records, the group have decided to auction off the data to the highest bidder.

The hackers have prevented the British Library from accessing its IT system by encrypting files and was demanding money in return for a unique decryption key.

According to The Telegraph, the hacking group’s online listing for the library data reads: “With just seven days on the clock, seize the opportunity to bid on exclusive, unique and impressive data. Open your wallets and be ready to buy exclusive data.”

The British Library is home to more than 170 million items. Among major artefacts at the library are the Magna Carta – the first written constitution in European history – and handwritten lyrics by The Beatles.

Last month, the British Library confirmed that a “major technology outage” had impacted their operations.

The attack has brought down the library’s website, online systems and book ordering. As a result, some onsite payments are cash-only, and the public Wi-Fi has been disabled.

On Monday (20 November), the library issued an update on X/Twitter. A message on the organisation’s official account reads: “We’re continuing to experience a major technology outage as a result of a cyber-attack, affecting our website, online systems and services, and some onsite services too. We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.”

After acknowledging that some data from their internal HR files had been leaked, the statement advised anyone with a British Library login who uses the same password elsewhere to change their details as a precautionary measure.

However, the library stated it has “no evidence that data of our users has been compromised”.

“In the meantime, we’ve taken targeted protective measures to ensure the integrity of our systems, and we’re continuing to investigate the attack with the support of NCSC, the Metropolitan Police and cybersecurity specialists,” the statement continued. “Thank you for bearing with us during this investigation. We’ll update you as soon as we can.”

The Independent has contacted the British Library for comment.

Sir Roly Keating, chief executive of the British Library, said: “We are immensely grateful to our many users and partners who have shown such patience and support as we work to analyse the impact of this criminal attack and identify what we need to do to restore our online systems in a safe and sustainable manner.”

Ransomware breaches like these are typically motivated by financial gain, with hackers demanding money after using malware to infiltrate computer systems without consent or authorisation.

Rhysida has been linked to another hacking group called the Vice Society. According to Check Point Research, it is “one of the most active and aggressive ransomware groups”.

Other Rhysida victims include the University of the West of Scotland, the Chilean army, the city of Gondomar in Portugal and an operator of 16 US hospitals.