British Library

In October 2023, the British Library, a government-sponsored public body, was hit by a catastrophic ransomware attack carried out by a Rhysida affiliate. Attackers likely exploited a lack of multi-factor authentication on an administrator account to gain initial access, then encrypted critical on-premises data and destroyed servers to disrupt recovery efforts and conceal their activities. They exfiltrated approximately 600 GB of sensitive internal data, including personally identifiable information (PII) on staff and library users, which was subsequently offered for sale and later published on the dark web. The library estimates direct financial losses of £1.6 million, covering incident response, system restoration, and operational downtime. While cloud-based services such as email, finance, HR, and payroll remained intact, extensive rebuilding of legacy infrastructure is underway during an 18-month renewal phase focused on upgrades and migrations to more secure architectures. The UK Information Commissioner’s Office opted not to pursue formal penalties, instead commending the library’s transparency and providing guidance to strengthen its cybersecurity defenses going forward.

Source: https://www.infosecurity-magazine.com/news/ico-no-action-british-library/

TPRM report: https://scoringcyber.rankiteo.com/company/the-british-library

"id": "the300050125",
"linkid": "the-british-library",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Library and Information Services',
                        'location': 'United Kingdom',
                        'name': 'British Library',
                        'type': 'Government-sponsored public body'}],
 'attack_vector': 'Lack of multi-factor authentication on an administrator '
                  'account',
 'data_breach': {'data_exfiltration': '600 GB',
                 'personally_identifiable_information': 'Staff and library '
                                                        'users',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)']},
 'date_detected': 'October 2023',
 'description': 'In October 2023, the British Library, a government-sponsored '
                'public body, was hit by a catastrophic ransomware attack '
                'carried out by a Rhysida affiliate. Attackers likely '
                'exploited a lack of multi-factor authentication on an '
                'administrator account to gain initial access, then encrypted '
                'critical on-premises data and destroyed servers to disrupt '
                'recovery efforts and conceal their activities. They '
                'exfiltrated approximately 600 GB of sensitive internal data, '
                'including personally identifiable information (PII) on staff '
                'and library users, which was subsequently offered for sale '
                'and later published on the dark web. The library estimates '
                'direct financial losses of £1.6 million, covering incident '
                'response, system restoration, and operational downtime. While '
                'cloud-based services such as email, finance, HR, and payroll '
                'remained intact, extensive rebuilding of legacy '
                'infrastructure is underway during an 18-month renewal phase '
                'focused on upgrades and migrations to more secure '
                'architectures. The UK Information Commissioner’s Office opted '
                'not to pursue formal penalties, instead commending the '
                'library’s transparency and providing guidance to strengthen '
                'its cybersecurity defenses going forward.',
 'impact': {'data_compromised': '600 GB of sensitive internal data',
            'downtime': 'Operational downtime',
            'financial_loss': '£1.6 million',
            'identity_theft_risk': 'High',
            'operational_impact': 'Extensive rebuilding of legacy '
                                  'infrastructure',
            'systems_affected': 'on-premises data and servers'},
 'initial_access_broker': {'data_sold_on_dark_web': '600 GB of sensitive '
                                                    'internal data',
                           'entry_point': 'Lack of multi-factor authentication '
                                          'on an administrator account'},
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': ['Upgrades and migrations to '
                                                   'more secure architectures'],
                            'root_causes': 'Lack of multi-factor '
                                           'authentication'},
 'ransomware': {'data_encryption': 'Critical on-premises data',
                'data_exfiltration': '600 GB of sensitive internal data',
                'ransomware_strain': 'Rhysida'},
 'regulatory_compliance': {'regulatory_notifications': 'UK Information '
                                                       'Commissioner’s Office'},
 'response': {'communication_strategy': 'Transparency',
              'recovery_measures': ['System restoration',
                                    'Extensive rebuilding of legacy '
                                    'infrastructure'],
              'remediation_measures': ['Upgrades and migrations to more secure '
                                       'architectures']},
 'threat_actor': 'Rhysida affiliate',
 'title': 'British Library Ransomware Attack',
 'type': 'Ransomware'}