Rhysida threatens dark web auction of British Library data
Since reporting a "technical issue" on October 28, the library has faced significant disruption
Internal documents have been exposed following a ransomware assault on the British Library, paralysing its computer systems, website, phone network, and public Wi-Fi for over three weeks.
The Rhysida ransomware group has claimed responsibility, leaving library visitors to resort to manual catalog requests at the King's Cross location. The hacking group has since initiated a seven-day auction on its dark web platform, advertising stolen British Library data.
In a statement it said: "With just 7 days on the clock, seize the opportunity to bid on exclusive, unique and impressive data. Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner."
The group set a bid price of 20 bitcoins (approximately £600,000). If no bids are received, it has threatened to release the data.
HR data leaked
While the British Library has not officially commented on Rhysida's claims, it acknowledged on X (formerly Twitter) that some HR data has seemingly been leaked. It said there's no evidence of compromised user data but advises users to change passwords if using the same login elsewhere.
Since reporting a "technical issue" on October 28, the library has faced disruptions at its St Pancras and Boston Spa sites. On 14 November , it confirmed the ransomware attack, prompting a forensic investigation in collaboration with the Metropolitan Police and the National Cyber Security Centre (NCSC).
Rhysida's asking price for the British Library data is notably high but not unprecedented. In August 2023, data stolen from Prospect Medical Holdings fetched 50 bitcoins.
The FBI and the US Cybersecurity and Information Structure Agency (CISA) issued an advisory highlighting that the malware, identified in May 2023, operates as ransomware-as-a-service, with criminals gaining system access through known vulnerabilities like ZeroLogon or compromised VPN credentials.