The British Library will drain about 40 per cent of its reserves to recover from a cyber attack that has crippled one of the UK’s critical research bodies and rendered most of its services inaccessible.
The London-based institution, which stores nearly 170mn pieces of work ranging from books to sound recordings, was forced offline in October after a “deep and extensive” ransomware attack.
Hackers published hundreds of thousands of stolen files online, including customer and personnel data, after the library refused to pay a £600,000 ransom. But it will now be forced to spend about 10 times that amount rebuilding most digital services at an estimated cost of £6mn-£7mn, according to a person familiar with the matter, consuming a sizeable proportion of its £16.4mn in unallocated reserves.
The British Library’s online catalogue remains unavailable. Physical sites are open, but users must wait while librarians run through logs and find items on shelves.
The British Library said it was in “close and regular contact” with its government sponsor the Department for Digital, Culture, Media and Sport (DCMS) but no formal bid had been made for government funds and it “maintains its own financial reserve to help address unexpected issues”.
A government insider confirmed that the British Library would be expected to draw down from its reserves to recover following the attack. The library and the DCMS declined to comment on the estimated cost, which could change.
Academics and authors, particularly those based outside of London, have been hamstrung by a lack of services.
Matthew Eddy, a history professor at Durham University, said he had been unable to complete a grant application and some of his work has been placed in “limbo”. “Before the attack, I used it on a weekly, sometimes daily, basis.”
Other users criticised the library for taking more than a month to notify them of the cyber attack.
Some of the library’s services are scheduled to return in the middle of January, including a reference-only version of its online catalogue. It is unclear how long it will take before the institution — one of five legal deposit libraries in Britain entitled to a copy of each piece of published work in the UK — is fully operational.
The British Library paid £250,000 to the cyber security provider NCC Group to provide an initial response to the attack, according to procurement records.
Hacking group Rhysida claimed responsibility for the breach in November last year. It published some 573 gigabytes of the British Library’s data after selling 10 per cent of the files to anonymous bidders through its dark web page.
Rhysida became known to US authorities in May 2023 and has links with Russian-affiliated Vice Society, according to the US government. It later penetrated King Edward VII’s Hospital in London and the state-owned Energy China.
Cyber-intelligence experts said the British Library’s service could remain down for more than a year, while the attack highlighted the risks of a single institution playing such a prominent role in delivering essential services.
“We do have these single points of failure in our economy and societies that we don’t really think about as being vulnerable,” said Jamie MacColl, a fellow at the Royal United Services Institute, a think-tank. “It’s quite a useful wake-up call for thinking about critical national infrastructure.”
Pat McFadden, Labour MP and shadow chancellor of the Duchy of Lancaster, said: “Weaknesses in cyber security pose serious threats to our broader national security . . . It is critical that protections are in place to defend British institutions from attacks by hostile actors.”