British Library hack: Customer data offered for sale on dark web

The British Library says it has evidence that user data was hacked in a cyber attack and offered for sale on the dark web.

The library warned users who use the same password elsewhere to change it.

The attack, which took place on 31 October, is continuing to affect its website, online systems and some onsite services, a statement said.

The Rhysida ransomware group claim to be behind the attack, have said they will auction off the stolen data.

The cyber gang said last week that the price for data, that includes passport scans, was set at 20 Bitcoin (£596,459).

The British Library, the UK's largest, posted on X, external on Monday evening, saying: "Following last week's confirmation that this was a ransomware attack, we now have evidence that indicates the attackers might have copied some user data, and additional data appears to have been published on the dark web.

"We will continue to work with cybersecurity specialists to examine what this material is and we will be contacting our users to advise them of the practical steps they may need to take.

"If you have a password for British Library services that you use on other websites, we recommend you change it elsewhere as a precaution."

Last week the library confirmed that some employee data had been leaked in the attack and at that time there was "no evidence that data of our users has been compromised".

The Rhysida ransomware group said on Monday last week that it was behind the attack and shared an image to its leak site on the dark web showing various documents, some of which appear to be HMRC employment contracts and passports.

The BBC has not verified whether the data is real.

The cyber criminals said an auction for "exclusive, unique and impressive data" would end just before 08:00 GMT on 27 November, and would be sold to one single-party winner.

The group are also behind recent attacks on the Chilean army, the Portuguese city of Gondomar and the University of West of Scotland.