Cyber Attack on The British Library

In this section
Cyber Attack on The British Library

The British Library has recently been impacted by a major cyber-attack, resulting in widespread outages of their technical infrastructure and services. This is yet another harsh reminder of the cyber threat we face as an organisation and as individuals. Below we explore the nature of the attack, its impact, and how you can help protect yourself and the University from the fallout of this type of attack.

What Happened?

In late October/early November a hacking group known as Rhysida successfully executed a ransomware attack against The British Library. There is no reported attack vector as yet, but similar attacks have started through just one phishing email being clicked on.

Ransomware is a type of malware which can make data inaccessible and services unusable by encrypting files across the organisational IT infrastructure. Initially, attackers will ask for a ransom payment for the data to be decrypted. However, as organisations are rightly becoming reluctant to pay ransoms, even when legal to do so, the attackers now tend to employ “double extortion” tactics, whereby in addition to encrypting data, they also take a copy and threaten to leak or resell the data if the demands are not met.

Impact of the attack

The attack has rendered much of the national library’s services unavailable, with ongoing significant disruption expected to continue for several more weeks at minimum. This has severely inhibited book lending, seat booking and stock management.

Additionally, huge amounts of the sensitive library data have been deliberately leaked as a result of the attack. It was initially reported that only personal data relating to staff had been breached, however it has since been confirmed that customer data was also affected.

This data is reported to include reader names and email addresses at a minimum but depending on services used, may also include telephone numbers and postal addresses.

It appears that a portion of the data was sold initially, with the remainder now publicly available on the Dark Web.

The wider impact of Cybercrime

Aside from the initial disruption to business and significant cost of recovering services, the reputational fallout of a ransomware attack can affect organisations for many years.

Furthermore, the data released because of the attacks can lead to financial losses for individual victims of fraud (as we will explore below) causing huge amounts of stress and anxiety for those individuals. This also increases the defence burden on public services, directly impacting the taxpayer, and on private businesses, increasing the cost of living which ultimately leads to a cost on the wider economy.

The risk to individuals

Having your data exposed in breaches like this raises serious personal risk of fraud.

Password Reuse - Many people are guilty of reusing the same password across multiple services, especially for accounts they see as unimportant or have not used in a long time. However, this can cause a breach of one service to lead to a breach of many others.

Anyone who has ever had an account with The British Library, either using a personal or University email account, should assume that the password is now publicly available. Due to the issues with the library systems, it is possible you will not be able to change your password directly with them, however if you have used the same or similar passwords on any other online service, you should change all of these immediately.

Our top tips on protecting your online accounts:

  • Password management - We recommend using a password manager to help create and track strong, unique passwords. See our previous article on password management: https://www.abdn.ac.uk/staffnet/news/13064
  • Multi Factor Authentication - We enforce Multi Factor Authentication on University accounts, and strongly encourage you to enable it on all personal accounts where available. Additionally, we recommend using an authenticator app such as Google Authenticator or Microsoft Authenticator rather than SMS or phone calls (but do use these methods if you can’t use an app).
  • Account Management - If you have any online accounts you no longer use, consider deleting them.

Heightened risk of Fraud and Phishing attacks – If your data has been released as part of this (or any other) breach, you will be at risk of targeted phishing emails, fraudulent telephone calls or credit fraud among other things.

 Our top tips on protecting yourself from cyber related fraud:

  • Be Suspicious - You should be extremely wary of calls or emails from unknown sources. If the caller/sender is trying to create a sense of panic or urgency they may be utilising social engineering techniques to persuade you to do something you shouldn’t.
  • Check Your Credit - We recommend signing up for a reputable credit checking agency so that you can monitor any potential identity theft or credit being taken out in your name.
  • Dark Web Monitoring - The Information Security Team continuously monitor for any University related account information appearing on the Dark Web. You can do the same for personal accounts by using the “Have I been pwned” service to check if any of your email addresses and related data have been exposed in any known breach: https://haveibeenpwned.com/

For more information on limiting the impact of a data breach, see our previous article: https://www.abdn.ac.uk/staffnet/news/13931/

How you can help prevent an attack

Although the point of entry for The British Library attack has not been confirmed, phishing emails remain by far the most common way for attackers to gain an initial foothold within a target network.

That is why it is critical that all our staff and students remain vigilant for suspicious emails and report them as quickly as possible:

Report phishing:

If you receive a suspicious email, report it immediately by clicking the “Report Phishing” button in Outlook. The Information Security team check every report.

You can find detailed instructions on this here: https://www.abdn.ac.uk/staffnet/working-here/it-services/security.php#panel7228

Further Reading: 

See The British Library’s blog for official updates on the incident:

https://blogs.bl.uk/living-knowledge/2023/11/cyber-incident.html

See this article from The Register for further background on the attack:

https://www.theregister.com/2023/11/29/british_library_begins_contacting_customers/