In a post to X, formerly Twitter, the institution said at the time: “We’re continuing to experience a major technology outage as a result of a cyber-attack. This is affecting our website, online systems and services, as well as some onsite services too.
London Public Library officials have confirmed it was a “cyberattack” that has shut down branches and hampered services, damage they’re working to undo with the help of an outside security firm.
Until Wednesday afternoon, they’d only referred to the Dec. 13 shutdown as a “cyber incident” – declining to be more specific amid questions over whether this was akin to the attack by hackers that hit the Toronto Public Library this fall. But a fuller picture of what occurred is now coming clear.
Article content
“The investigation has confirmed that the outage that occurred on Dec. 13 was the result of a cyberattack,” library spokesperson Ellen Hobin said. “At this time, the investigation has not determined whether personal information may be implicated.
“The library has also been communicating with the London Police Service in connection with the attack. It’s anticipated that the investigation and restoration to full operations will take more time.”
The attack shut down three of the 16 library branches and has limited its services. Those three branches – Carson, Lambeth and Glanworth – were closed in the immediate fallout of the incident and will remain closed until Jan. 2.
The statement comes seven days after the incident. It remains unclear whether any data was compromised or lost.
The attack shut down library phone lines, its website, staff emails, its digital catalogue and the public WiFi used by many Londoners who have no other option for internet access.
Related Stories
Article content
One local expert called the cyberattack yet another warning that no publicly funded organization is safe.
“This should be a wake-up call,” technology consultant Carmi Levy said. “Many have not given priority to cyber security awareness. It leaves them more vulnerable.”
Agencies need to take the risks more seriously, including staff training to avoid scams, he said. “More has to be dedicated to preparedness training and deterrence.”
If it is indeed a ransomware attack – in which hackers demand payment in…
Rhysida ransomware group lists British Library data for sale
Following the confirmation that the major outage it has been suffering since last month was the result of a cyber attack, data belonging to the British Library is reportedly for sale by the Rhysida ransomware group.
The threat actor posted a low-resolution image to its leak site with sample data, including passports and employment documents.
“With just seven days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data,” the ransomware group said on its leak site.
“Open your wallets and be ready to buy exclusive data.
“We sell only to one hand, no reselling, you will be the only owner.”
Rhysida held an auction to sell the stolen data, with the deadline for bidding ending on 27 November at 8am UTC.
The British Library is yet to confirm that the claims made by Rhysida are true, but it has taken to X (formerly Twitter) to say that its services are still down and that it is aware that some data was stolen.
“We’re continuing to experience a major technology outage as a result of a cyber attack, affecting our website, online systems and services, and some onsite services too,” said the British Library.
“We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.
“Following confirmation last week that this was a ransomware attack, we’re aware that some data has been leaked. This appears to be from our internal HR files.”
We’re continuing to experience a major technology outage as a result of a cyber-attack, affecting our website, online systems and services, and some onsite services too. We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.… pic.twitter.com/Wdj7VfkWXa
— British Library (@britishlibrary) November 20, 2023
Despite data having been stolen, the British Library has failed to find any evidence that the data has been used. However, it has engaged security measures just in case.
“We have no evidence that data of our users has been compromised.
“In the meantime, we’ve taken targeted protective…
