In October 2023, the British Library fell victim to a substantial cyberattack orchestrated by the hacker group Rhysida. This incident, demanding a ransom of 20 bitcoin—approximately £596,000 at that time—has been characterized as "one of the worst cyber incidents in British history," as services experienced extensive disruptions lasting several months.
"one of the worst cyber incidents in British history,"
When the British Library refused to comply with the ransom demands, Rhysida retaliated by leaking about 600GB of sensitive data. The attack's impact has been severe, leading to a significant restructuring in the library's cybersecurity measures and financial planning. "It has been a challenging time," said a library spokesperson, emphasizing the commitment to restoring services.
"It has been a challenging time,"
The main catalogue of the British Library returned to a read-only format on 15 January 2024, signaling a step toward recovery, although many services remain unavailable. The library plans to allocate a substantial portion of its financial reserves—estimated at £6 to £7 million—toward rebuilding its systems and safeguarding against future incursions.
Impact and Legacy
Contextually, the British Library stands as the largest library in the UK, housing approximately 14 million books and countless historical items. It has long been protected by firewalls and antivirus software; however, a crucial lack of multi-factor authentication (MFA) across all organizational assets was identified as a significant vulnerability. A library report noted, "...for reasons of practicality, cost and impact on ongoing Library programmes, it was decided at this time that connectivity to the British Library domain would be out of scope for MFA implementation."
These decisions were made amid the COVID-19 pandemic, during which the Library had to quickly adapt its infrastructure to facilitate access for third-party providers. Unfortunately, these adaptations, including the installation of a new Terminal Services server in February 2020, unwittingly opened new doors for cyber threats as unauthorized access was first detected on this server during the assault.
Rhysida, the group behind the attack, is categorized as a ransomware as a service provider, with a history of targeting critical infrastructures such as academic institutions, healthcare entities, and government agencies. Known to intelligence services since May 2023, the group had previously infiltrated systems as diverse as the Chilean Army and medical facilities in Australia.
The attack on the British Library is emblematic of a broader trend of cyber assaults against cultural institutions. Similarly, the Metropolitan Opera in New York City and the Natural History Museum in Berlin have also suffered significant breaches recently, indicating a concerning rise in threats toward the sector.
On 20 November 2023, Rhysida publicly claimed responsibility for the breach, further announcing a week-long auction of 490,191 data files on the dark web, beginning at the same 20 bitcoin asking price. Just a week later, on 27 November, the group made 90 percent of the stolen data available for free download, a drastic move that underscores the urgency of evaluating cybersecurity measures across various institutions.
Looking Ahead
The British Library's attack serves as a stark reminder of the vulnerabilities that many educational and cultural organizations face in the digital age. With the necessity for robust cybersecurity strategies becoming increasingly evident, the library's leadership has acknowledged the urgent need to fortify their defenses against future attacks.
Career Journey
As the British Library continues its recovery journey, other institutions are left to ponder their security protocols, while becoming increasingly aware of the growing threat posed by sophisticated cybercriminals like Rhysida. The event not only highlights the vulnerabilities of the library's infrastructure but also the urgent need for comprehensive cybersecurity measures in safeguarding vital cultural heritage.
