British Library says customer data was posted on the dark web after cyber attack
It comes after the group Rhysida claimed responsibility for the ransomware attack, which was carried out in October, and threatened to auction off the stolen data.
Cyber security experts at the Metropolitan Police and the National Crime agency are investigating the attack, which has been affecting the library’s website, online services like the reading rooms and its public wi-fi network.
Advertisement
Hide AdAdvertisement
Hide AdIn an email sent to customers, the library has warned customers who use the same password elsewhere to change it immediately and be “particularly alert for phishing emails and scam phone calls or text messages” in the coming months.
It added: “All of our payment processing is outsourced to secure third-party payment providers. We are, therefore, confident that no credit or debit card data was on the affected network, and that any card details you may have used to make purchases with us are still safe.”
In a statement, the library confirmed it was a ransomware attack and said there is “evidence that indicates” data has been published on the dark web.
It said: “We will continue to work with cybersecurity specialists to examine what this material is and we will be contacting our users to advise them of the practical steps they may need to take.
Advertisement
Hide AdAdvertisement
Hide Ad“If you have a password for British Library services that you use on other websites, we recommend you change it elsewhere as a precaution.”
The British Library has a branch in Boston Spa which holds around 3m books, 210,000 journals and an archive of almost every British newspaper published since 1840.
The 40-acre facility was built on the site of a WW2 armaments factory at Thorp Arch industrial estate. It has around 700 members of staff and receives 1,200 new newspapers each week.