The British Library has revealed that HR data was stolen and leaked in a recent ransomware breach.
The state-run institution, one of the world’s largest public libraries, only admitted last week that an October 28 incident was in fact caused by ransomware.
In a further update yesterday it revealed a little more detail.
“Following confirmation that this was a ransomware attack, we’re aware that some data has been leaked. This appears to be from our internal HR files,” it noted.
“We have no evidence that data of our users has been compromised. However, if you have a British Library login and your password is used elsewhere, we recommend changing it on other sites as a precautionary measure.”
Read more on the breach: British Library Still Reeling After Major Cyber Incident
It’s unclear why it took the library this long to reveal the data breach. Reports suggest that the group behind the attack, Rhysida, has posted images of the personal information it stole online in a bid to drum up interest from prospective buyers.
It has reportedly placed a starting price of 20 bitcoins (£749,000) on the “exclusive, unique and impressive” data, with a deadline for bids set at November 27.
Camellia Chan, CEO and co-founder of Flexxon, argued that the breach should be a wake-up call for business and IT leaders.
“HR files are treasure troves of data and a prime target for criminals,” she added. “A holistic and proactive approach, rather than reactive is crucial. Those that don’t do this, are practically inviting cybercriminals to take their data.”
Last week the British Library admitted that it could take months before its IT systems are fully recovered following the attack. It tweeted yesterday that public Wi-Fi had been restored throughout its buildings.
Image credit: pio3 / Shutterstock.com