The British Library, home to over 170 million items including historically significant documents like the Magna Carta, suffered a **major cyber attack in October 2023** that crippled its digital systems. The attack led to the **leak of staff personal details (addresses, passport scans) on the dark web** after the library refused to pay a £600,000 ransom. Two years later, the disruption persists: **services like ebooks, archives, and online journals remain unavailable**, forcing staff to manually process orders, increasing workloads, and exposing them to abuse from frustrated users. Employees, some of whom had experienced domestic abuse, faced severe consequences, including **relocation due to exposed addresses**, constant fraudulent communications, and financial strain. Over **300 staff went on strike** on the attack’s second anniversary, citing below-inflation pay rises (2.4%), unaddressed pay shortfalls, and the emotional toll of sustained operational chaos. The attack’s long-term impact includes **reputational damage, operational paralysis, and ongoing staff exploitation**, with no full system recovery in sight.
Source: https://www.independent.co.uk/news/uk/home-news/british-library-strike-cyber-attack-b2855495.html
TPRM report: https://www.rankiteo.com/company/the-british-library
"id": "the4992549110125",
"linkid": "the-british-library",
"type": "Cyber Attack",
"date": "10/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Library users (global), staff '
'(300+)',
'industry': 'Culture/Education',
'location': 'London, UK',
'name': 'British Library',
'size': 'Large (170+ million items, 300+ staff on '
'strike)',
'type': 'National Library'}],
'customer_advisories': ['Service disruption notices',
'Apologies for prolonged outages'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Database records',
'Scanned documents (passports)'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII, government-issued IDs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Employment records',
'Passport scans',
'Addresses']},
'date_detected': 'October 2023',
'date_publicly_disclosed': 'October 2023',
'description': 'A major cyber attack in October 2023 disrupted the British '
"Library's digital systems, leading to the leak of staff "
'personal details on the dark web. The attack caused prolonged '
'operational chaos, manual workflows, and increased workload '
'for staff. The library refused to pay a £600,000 ransom, '
'resulting in ongoing disruptions, fraudulent communications, '
'and staff strikes over pay disputes two years later.',
'impact': {'brand_reputation_impact': ['Negative publicity',
'Staff dissatisfaction',
'Public criticism over pay disputes'],
'customer_complaints': ['User frustration',
'Abuse toward front-facing staff',
'Physical objects thrown at staff'],
'data_compromised': ['Staff personal details (addresses, passport '
'scans)',
'Operational data'],
'downtime': 'Ongoing (2+ years as of 2025)',
'identity_theft_risk': ['Fraudulent calls/emails/texts to staff',
'Exposed addresses/passport scans on dark '
'web'],
'operational_impact': ['Manual workflows (paper-based orders)',
'Increased staff workload',
'Service unavailability',
'Staff abuse from frustrated users',
'Strikes due to pay disputes'],
'systems_affected': ['Digital ordering systems',
'Ebooks',
'Archives and manuscripts catalogue',
'Online journal articles',
'Library management systems']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['Staff PII',
'Library management '
'systems']},
'investigation_status': 'Ongoing (as of 2025)',
'lessons_learned': ['Critical reliance on digital systems in modern libraries',
'Need for robust incident response and staff support',
'Long-term operational impacts of ransomware refusal',
'Importance of addressing staff welfare post-breach'],
'motivation': ['Financial (ransom demand)', 'Disruption'],
'post_incident_analysis': {'corrective_actions': ['Partial system '
'restorations',
'Union negotiations for '
'staff pay',
'Dark web monitoring for '
'leaked data'],
'root_causes': ['Inadequate cybersecurity defenses '
'(specifics undisclosed)',
'Lack of redundant manual systems',
'Delayed recovery timeline']},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': '£600,000'},
'recommendations': ['Invest in cyber resilience and backup systems',
'Improve staff compensation and mental health support',
'Enhance dark web monitoring for leaked data',
'Accelerate system restoration to reduce manual workloads',
'Transparency in post-incident communications'],
'references': [{'date_accessed': '2025-10-XX',
'source': 'The Independent',
'url': 'https://www.independent.co.uk'}],
'response': {'communication_strategy': ['Public acknowledgment of impact',
'Union engagements for pay disputes'],
'containment_measures': ['Refusal to pay £600,000 ransom',
'Manual workflows implemented'],
'incident_response_plan_activated': True,
'recovery_measures': ['Gradual service restoration',
'Negotiations with trade unions'],
'remediation_measures': ['Partial system restoration (digital '
'forms for orders)',
'Ongoing recovery efforts']},
'stakeholder_advisories': ['Trade union (PCS) engagements',
'Public statements on pay disputes'],
'title': 'British Library Cyber Attack (October 2023)',
'type': ['Cyber Attack', 'Ransomware', 'Data Breach']}