Cyber criminals demand £600,000 ransom for stolen British Library data
The Rhysida group has demanded 20 Bitcoin (roughly £602,500) for the return of the stolen data
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A group of hackers has claimed responsibility for a cyber attack that has crippled the British Library for the past few weeks.
Ransomeware gang, the Rhysida group has demanded 20 Bitcoin (roughly £602,500) for the return of the stolen data, which includes employee passport scans and financial information.
Sharing censored images of data they’ve acquired in the hack on the dark web, including passport photos and HMRC records, the group have decided to auction off the data to the highest bidder.
The hackers have prevented the British Library from accessing its IT system by encrypting files and was demanding money in return for a unique decryption key.
According to The Telegraph, the hacking group’s online listing for the library data reads: “With just seven days on the clock, seize the opportunity to bid on exclusive, unique and impressive data. Open your wallets and be ready to buy exclusive data.”
The British Library is home to more than 170 million items. Among major artefacts at the library are the Magna Carta – the first written constitution in European history – and handwritten lyrics by The Beatles.
Last month, the British Library confirmed that a “major technology outage” had impacted their operations.
The attack has brought down the library’s website, online systems and book ordering. As a result, some onsite payments are cash-only, and the public Wi-Fi has been disabled.
On Monday (20 November), the library issued an update on X/Twitter. A message on the organisation’s official account reads: “We’re continuing to experience a major technology outage as a result of a cyber-attack, affecting our website, online systems and services, and some onsite services too. We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.”
After acknowledging that some data from their internal HR files had been leaked, the statement advised anyone with a British Library login who uses the same password elsewhere to change their details as a precautionary measure.
However, the library stated it has “no evidence that data of our users has been compromised”.
“In the meantime, we’ve taken targeted protective measures to ensure the integrity of our systems, and we’re continuing to investigate the attack with the support of NCSC, the Metropolitan Police and cybersecurity specialists,” the statement continued. “Thank you for bearing with us during this investigation. We’ll update you as soon as we can.”
The Independent has contacted the British Library for comment.
Sir Roly Keating, chief executive of the British Library, said: “We are immensely grateful to our many users and partners who have shown such patience and support as we work to analyse the impact of this criminal attack and identify what we need to do to restore our online systems in a safe and sustainable manner.”
Ransomware breaches like these are typically motivated by financial gain, with hackers demanding money after using malware to infiltrate computer systems without consent or authorisation.
Rhysida has been linked to another hacking group called the Vice Society. According to Check Point Research, it is “one of the most active and aggressive ransomware groups”.
Other Rhysida victims include the University of the West of Scotland, the Chilean army, the city of Gondomar in Portugal and an operator of 16 US hospitals.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments