An email that I have just received from the British Library (www.bl.uk), which I have received as someone who has subscribed to its Public Lending Rights scheme:
Important information about your data
You're being contacted because you have previously registered for the Public Lending Right scheme, which is administrated by the British Library.
You may have heard reports recently about a cyber-attack on the British Library, or read updates from us about this incident. We would like to make sure that you have the facts about what happened, what information is involved and the steps that we are taking to protect you.
What happened?
On 28 October 2023 we became aware of a cyber-attack that resulted in loss of access to the majority of our online systems. We took immediate action to secure our network from further attack. However, it had already caused damage to our data and systems, and we are still working with cybersecurity specialists to restore them. Having recently confirmed that this was a ransomware attack, we have now discovered evidence that the attackers are also likely to have copied some user data.
What information was involved?
Information from our internal management databases appear to have been accessed and copied. These contain the name, postal address and email address of many of our users, including PLR customers. If you support or use the Library in other ways you may receive a separate notification about other information that we hold about you.
There is currently no evidence that copies of passports or other identity documents used during PLR registration were compromised in the attack. We’re continuing to investigate the full extent of this incident and will update you when we know more.
What are we doing?
We are continuing to work with cybersecurity specialists to review the security of the rest of our systems, and to safely restore our services as soon as we can. We have already implemented additional security measures to defend against future attacks.
We are writing to all of our customers who may potentially be affected by this cyber-attack, so that you may take additional precautions to protect yourself. We have also notified the Information Commissioner’s Office (ICO) that it is likely that our customer data has been affected.
What can you do?
As a precaution we recommend changing any password on other online services that you may have used on our systems. If you have not already done so you should take this action immediately. The NCSC provides guidance on staying safe online, as well as specific guidance for individuals who may have been impacted by a data breach.
Over the coming months you should also be particularly alert for phishing emails and scam phone calls or text messages. The NCSC also offers advice on how to spot these types of attack.
Answering your questions
We’re really sorry, we know this email will be unsettling news to receive. Our community is at the heart of everything we do, and we’re putting all our available resources into investigating this incident and restoring our systems and the full range of our services. We hope that the above information gives you a clearer picture of the situation as it stands, as well as practical guidance that you can follow to ensure you stay safe online.
If you have any questions you can email us at plrauthorservices@bl.uk. Alternatively, you can contact our Data Protection Officer at data.governance@bl.uk.
We will also continue to provide regular updates through social media, our blog and a temporary web page we’ve set up.
Thank you for your understanding and patience at this time.
You can find more about the cyber attack on the Library's website at www.bl.uk, and via the BBC at https://www.bbc.co.uk/news/entertainment-arts-67544504.
The following message is also available on the Public Lending Rights page at https://plr.bl.uk/login, with log-ins temporarily suspended:
The British Library is continuing to experience a major technology outage, as a result of a cyber-attack. The outage is affecting our website, online systems and services. We anticipate restoring many services in the next few weeks, but some disruption may persist for longer. We have now confirmed that this was a ransomware attack, by a group known for such criminal activity. We are aware that some data has been leaked, which appears to be from files relating to our internal HR information. We have no evidence that wider user data has been compromised. However, we are recommending as a precautionary measure that if users have a password for British Library services that they also use elsewhere, they should change it. The National Cyber Security Centre provides guidance on creating a secure password: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words . We have taken targeted protective measures to ensure the integrity of our systems, and we continue to undertake an investigation with the support of the National Cyber Security Centre (NCSC), the Metropolitan Police and cybersecurity specialists. As this investigation remains ongoing, we cannot provide further details at this time.
Chris
Order Tracing Your Belfast Ancestors in the UK at https://bit.ly/BelfastAncestors. Also available - Tracing Your Irish Ancestors Through Land Records, Sharing Your Family History Online, Tracing Your Scottish Family History on the Internet, Tracing Your Irish Family History on the Internet (2nd ed), and Tracing Your Scottish Ancestry Through Church and State Records - to purchase, please visit https://bit.ly/ChrisPatonPSbooks. For purchase in tthe USA visit https://www.penandswordbooks.com. Further news published daily on The Scottish GENES Facebook page, on Threads at @scottishgenesblog and via Mastodon at https://mastodon.scot/@ScottishGENES.