Sometimes we forget about breaches when they are out of the immediate news cycle. Here is a reminder that some ransomware attacks have long-lasting impacts. Athena Stavrou reports:
Home to more than 170 million items, including Magna Carta, the British Library is one of the world’s largest and most impressive book collections.
However, in October 2023, a major cyber attack plunged it into chaos, shutting down its digital systems and resulting in the leaking of staff details onto the dark web.
Two years on, staff – who are striking due to a pay dispute – have said the disruption is still creating chaos and considerably increasing their workload.
They say they have faced abuse as a result of the ongoing issues, while some have had to make major changes in their personal lives after their personal details were leaked.
[…]
While they now use a digital form to place orders, staff still have to input information manually, which takes considerably longer.
Meanwhile, dozens of services at the library are still unavailable, including ebooks, its archives and manuscripts catalogue, and online journal articles. This has meant staff have suffered abuse from frustrated members unable to access the materials needed.
Read more at The Independent.
The October 2023 attack was a ransomware attack by Rhysida. The threat actors subsequently leaked employee data. A check of its dark web leak site today shows that the listing claiming 573 GB comprising 490,191 files is still online, as is the data tranche.
Paying a ransom is discouraged because it only funds future criminal acts, and there is no guarantee that data will be recovered and not re-ransomed or sold. Library personnel have never discussed publicly whether they regret not paying the £600,000 ransom demand, and it was never revealed whether they had negotiated with Rhysida at all. If the library had known then what the next two years would be like and that the problems would be ongoing, would they have made a different decision?