The British Library has told customers that their personal data may have been stolen in a recent ransomware attack that knocked library systems and websites offline last month.
In a notice sent to customers this week, seen by TechCrunch, the British Library said its customer relationship management (CRM) databases were accessed during the cyberattack, for which the Rhysida ransomware gang has claimed responsibility.
“At a minimum these databases contain the name and email address of most of our users,” the disclosure notice reads. “For users of some of our services, these databases may also contain a postal address or telephone number.”
It is not known how many customers have been affected, and British Library spokesperson Lishani Ramanayake declined to comment when asked by TechCrunch.
In a listing on its dark web leak site, the Rhysida gang claims to have published 90% of the data it stole from the British Library. According to the listing, seen by TechCrunch, the data includes more than 490,000 files, amounting to 573 gigabytes, which the British Library did not dispute when asked. Ransomware gangs often publish files on their dark web leak sites to extort victims into paying a ransom.
The Rhysida gang previously listed the data for sale for about $740,000 worth of cryptocurrency at the time of publication.
TechCrunch examined portions of the published data, including various internal documents, such as training information and invoices, and sensitive employee information, such as salary details and scanned passports.
In an earlier update published last week, the British Library confirmed that some internal data had been leaked online, “apparently from our internal HR files.” At the time, the organization said it had “no evidence” that customer data had been compromised.
The British Library said in its latest disclosure that customers’ payment information was not included in the leak because all payment processing was outsourced to third-party payment providers.
“Therefore, we are confident that no credit or debit card data is on the affected network, and that any card details you may have used to make purchases with us,” the library said.
The British Library’s systems were first compromised in October and the incident continues to affect the library’s website, online systems, and some site services, including access to collection items. Its website currently displays a message saying that the British Library is experiencing a “major technology outage” due to a cyber incident.
The library said that although it “expects to restore many services in the next few weeks,” the disruption to some services is expected to “continue for several months.”
Do you have more information about the cyberattack on the British Library? You can contact Carly Page safely on Signal on +441536 853968 or via email. You can also contact TechCrunch via SecureDrop.