The British Library has told customers that their personal data may have been stolen during a recent ransomware attack that knocked the library’s systems and website offline for the past month.
In a notice sent to customers this week, which TechCrunch has seen, the British Library said that its customer relation management (CRM) databases were accessed during the cyberattack, for which the Rhysida ransomware gang has since claimed responsibility.
“At a minimum these databases contain the name and email address of most of our users,” the disclosure notice reads. “For users of some of our services, these databases may also contain a postal address or telephone number.”
It’s not known how many customers are affected, and British Library spokesperson Lishani Ramanayake declined to say when asked by TechCrunch.
In a listing on its dark web leak site, the Rhysida gang claims to have published 90% of the data it stole from the British Library. According to the listing, seen by TechCrunch, this includes more than 490,000 files, totaling 573 gigabytes, which the British Library did not dispute when asked. Ransomware gangs typically publish files on their dark web leak sites to extort victims into paying a ransom.
The Rhysida gang previously put the data up for sale for about $740,000 worth of cryptocurrency at the time of publication.
TechCrunch has reviewed portions of the published data, including various internal documents, such as training information and invoices, and sensitive employee information, like salary details and scans of passports.
In an earlier update published last week, the British Library confirmed that some internal data had leaked online, which “appears to be from our internal HR files.” At the time, the organization said it had “no evidence” that customer data was compromised.
The British Library said in its most recent disclosure that customers’ payment information is not included in the leak, as all payment processing is outsourced to third-party payment providers.
“We are, therefore, confident that no credit or debit card data was on the affected network, and that any card details you may have used to make purchases with us are still safe,” the library said.
The British Library’s systems were first compromised in October and the incident continues to affect the library’s website, online systems and some on-site services, including access to collection items. Its website currently displays a message stating that the British Library is experiencing a “major technology outage” due to the cyber incident.
The library says that while it “anticipates restoring more services in the next few weeks,” disruption to certain services is now expected to “persist for several months.”
Do you have more information about the British Library cyberattack? You can contact Carly Page securely on Signal at +441536 853968 or by email. You can also contact TechCrunch via SecureDrop.