The British Library has told customers that their personal data may have been stolen during a recent ransomware attack that knocked the library’s systems and website offline last month.
In a notice sent to customers this week, seen by TechCrunch, the British Library said its customer relationship management (CRM) databases were accessed during the cyberattack, for which the Rhysida ransomware gang has since claimed responsibility.
“At a minimum, these databases contain the name and email address of most of our users,” the disclosure notice states. “For users of some of our services, these databases may also contain a postal address or telephone number.”
It’s not known how many customers are affected, and British Library spokesperson Lishani Ramanayake declined to say when asked by TechCrunch.
In a listing on its dark web leak site, the Rhysida gang claims to have released 90% of the data it stole from the British Library. According to the listing, seen by TechCrunch, this includes more than 490,000 files, totaling 573 gigabytes, which the British Library did not dispute when asked. Ransomware gangs usually post files on dark web leak sites to blackmail victims into paying a ransom.
The Rhysida gang previously put the data up for sale for about $740,000 worth of cryptocurrency at the time of publication.
TechCrunch has reviewed portions of the published data, including various internal documents such as training information and invoices, and sensitive employee information such as salary details and passport scans.
In an earlier update published last week, the British Library confirmed that some internal data had been leaked online, which “appears to come from our internal HR files”. At the time, the agency said it had “no evidence” that customer data had been compromised.
The British Library said in its most recent disclosure that customer payment details were not included in the leak, as all payment processing is outsourced to third-party payment providers.
“We are therefore confident that there was no credit or debit card data on the affected network and that any card details you may have used to make purchases with us are still secure,” the library said.
The British Library’s systems were first breached in October and the incident continues to affect the library’s website, electronic systems and some on-site services, including access to collection items. Its website currently displays a message saying the British Library is experiencing a “major technology outage” due to the cyber incident.
The library says that while it “expects more services to be restored in the coming weeks”, the disruption to some services is now expected to “persist for several months”.
Do you have more information about the cyber attack on the British Library? Carly Page can be reached securely on Signal on +441536 853968 or via e-mail. You can also contact TechCrunch via SecureDrop.