More than two months after a significant cyber-attack, the British Library continues to grapple with major technological disruptions, as confirmed by the Chief Executive, Sir Roly Keating, in its most recent update. The attack, which occurred in late October, is described as a ransomware attack by a known criminal group, severely impacting the library’s online and onsite services.
It has been operating a temporary site in the interim to continue its regular events and keep the venue open.
Ongoing service disruptions
Despite efforts to restore services, the Library’s online systems, including the website and various digital resources, remain largely unaccessible. Sir Roly Keating, in an in-depth blog post entitled “Knowledge under attack,” highlighted the extensive damage inflicted by the attack.
“[The attackers] also copied a significant chunk of our data, which they attempted to auction online and, a month later, released most of it onto their site on the dark web.”
Sir Roly Keating, British Library Chief Executive
He disclosed that almost 600 gigabytes of data were leaked online, including some personal user information.
The Library has informed its users and provided guidance from the National Cyber Security Centre (NCSC) on how to protect themselves, including updating passwords on other systems.
The British Library ranks among the world’s most expansive, boasting an estimated 200 million items stored across 400 miles of shelving.
Highlights of its collection encompass the Magna Carta, original Beatles lyrics in their own handwriting, and the most extensive surviving collection of Geoffrey Chaucer’s works. The latter, after a two-and-a-half-year project, has only recently been digitised and made accessible online.
Impact on library operations
The cyber incident has severely impacted the library’s operations, especially in the Reading Rooms in London and Yorkshire. Access to collection items and digital services like the EThOS collection of doctoral theses has been impeded. However, physical sites remain open, with exhibitions and events proceeding as scheduled.
Library’s response and recovery efforts
The Library has been working on analysing the leaked data, a process expected to take several months. They have collaborated with the Metropolitan Police and cybersecurity advisors, receiving assistance from the NCSC.
Keating stressed the “great paradox for knowledge institutions in the digital age,” which includes “the amazing possibilities that technology enables,” as well as “the ever-increasing challenge in keeping our digital heritage safe from attack.”
Outlook and restoration plans
Keating expressed optimism regarding the phased return of key services starting from January 15th, including a reference-only version of the main catalogue. He recognised the patience and support of the library’s community during this challenging period and reiterated the commitment to a meticulous and secure restoration process.
“We know that the journey to full recovery will be a long one, but the weeks since the cyber-attack have demonstrated to me in abundance the expertise, energy and commitment to public service of our staff.”
Sir Roly Keating, British Library Chief Executive
A call for increased vigilance
In his reflections, Keating urged for heightened awareness and vigilance against such cyber threats, emphasising the necessity of staying informed and protected against identity fraud and similar risks. It has also been pointed out by some that the gravity of the incident has not be adequately addressed.
The experience faced by the British Library showcases how cultural and educational institutions are vulnerable to a possible cyber-attack, spotlighting the need for robust security measures and public vigilance in the digital era.