The British Library is restoring its digital services after a cyber-attack that occurred 11 weeks ago. The library’s main catalogue, containing 36 million records of books, maps, journals, and music scores, is now accessible in a read-only format. However, full restoration of services could take until the end of the year. The library’s CEO, Sir Roly Keating, apologized for the inconvenience caused to researchers who rely on access to the library’s collection. The attack, which was claimed by ransomware group Rhysida, resulted in the theft of some employee data, which was being sold on the dark web. The library is working closely with the National Cyber Security Centre, the Metropolitan Police, and other cybersecurity specialists to deal with the aftermath of the attack.
Key points:
- The British Library is restoring its digital services after a cyber-attack that occurred 11 weeks ago.
- Access to the library’s main catalogue is now available in a read-only format, but full restoration of services could take until the end of the year.
- The attack was claimed by ransomware group Rhysida, and resulted in the theft of some employee data, which was being sold on the dark web.
- The library is working closely with the National Cyber Security Centre, the Metropolitan Police, and other cybersecurity specialists to deal with the aftermath of the attack.
The British Library is restoring online its main catalogue, containing 36m records of printed and rare books, maps, journals and music scores, 11 weeks after a catastrophic cyber-attack. However, access is limited to a “read-only” format, and full restoration of services provided by the UK’s national library could take until the end of the year.
“Full recovery of all our services will be a gradual process,” Sir Roly Keating, the library’s chief executive, said in a blogpost last week. He apologised that “for the past two months researchers who rely for their studies and in some cases of their livelihoods on access to the library’s collection have been deprived of it”. Rhysida, a known ransomware group, claimed responsibility for the attack on 31 October . In November, the library confirmed some employee data had been stolen in the attack and was being offered for sale on the dark web. The library’s main catalogue, an important tool for researchers around the world, has been inaccessible online since the hack.
Keating said: “Its absence from the internet has been perhaps the single most visible impact of the criminal cyber-attack … and I want to acknowledge how difficult this has been for all our users.”
The restoration online of the main catalogue will allow users to search for items, but the process of checking availability and ordering items for use in the library’s reading rooms will be different, said Keating. Further details were expected to be provided on Monday. Readers will also regain access to most of the library’s key special collections, including archives and manuscripts, but “for the time being” will need to come in person to consult offline versions of specialist catalogues.
“Although the processes may be slower and more manual than we’ve all been used to, this is the familiar heart of the library’s offering to researchers and restores a core element of our public service. It will be good to have it back,” Keating said.
The library hoped to make progress on restoring access to content held at its Boston Spa site near Leeds and to parts of its digital collections that are unavailable.
“It has been a sobering couple of months for all of us at the British Library,” Keating said. He apologised for the library’s failure to protect personal data belonging to users and staff. Earlier this month, the Financial Times claimed that the library would be forced to spend up to £7m – about 40% of its reserves – on rebuilding its digital services. The FT said the library had refused to pay a £600,000 ransom.
Keating said: “Recent press speculation about the possible cost of the recovery programme was premature as we have yet to confirm what the full costs will be.”
He said the library was putting in place workaround systems to ensure that payments to authors relating to books borrowed from public libraries would be paid by the end of March. The BL manages the UK Public Lending Right system which pays authors 13p, to a maximum of £6,600 a year, each time their books are borrowed.
Keating said: “We understand the vital importance of these payments to those who depend upon them, and many will have been understandably anxious since the cyber-attack about the impact on this year’s process.”
The library would give further details by the end of January, he said. In dealing with the fall out of the cyber-attack, the library has worked closely with the National Cyber Security Centre (NCSC), the Metropolitan police, the Department for Culture, Media and Sport and other cybersecurity specialists. The NCSC has said that ransomware is the “key cyber-threat facing the UK” and that organisations needed to “put in place robust defences to protect their networks”.