British Library

In October 2023, the British Library, a government-sponsored public body, was hit by a catastrophic ransomware attack carried out by a Rhysida affiliate. Attackers likely exploited a lack of multi-factor authentication on an administrator account to gain initial access, then encrypted critical on-premises data and destroyed servers to disrupt recovery efforts and conceal their activities. They exfiltrated approximately 600 GB of sensitive internal data, including personally identifiable information (PII) on staff and library users, which was subsequently offered for sale and later published on the dark web. The library estimates direct financial losses of £1.6 million, covering incident response, system restoration, and operational downtime. While cloud-based services such as email, finance, HR, and payroll remained intact, extensive rebuilding of legacy infrastructure is underway during an 18-month renewal phase focused on upgrades and migrations to more secure architectures. The UK Information Commissioner’s Office opted not to pursue formal penalties, instead commending the library’s transparency and providing guidance to strengthen its cybersecurity defenses going forward.

Source: https://www.infosecurity-magazine.com/news/ico-no-action-british-library/

"id": "the300050125",
"linkid": "the-british-library",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"