Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Three weeks after a cyberattack took down the British Library—one of the world’s largest athenaeums—alleged attackers appear to be leaking HR data stolen in the breach.
The library confirmed the leak on November 20 in a post on X, formerly Twitter, announcing that it believes “internal HR files” were exposed. The organization hastened to add that there is “no evidence that data of our users has been compromised,” but urged users with cards to change their passwords.
“In the meantime, we’ve taken targeted protective measures to ensure the integrity of our systems, and we’re continuing to investigate the attack with the support of NCSC, the Metropolitan Police, and cybersecurity specialists,” the library said.
Authorities first noticed the attack on Oct. 28, when hackers took down the library website, Bleeping Computer reported. Nearly a month later, on Nov. 27, the library announced on X that it is “continuing to experience a major technology outage as a result of a cyberattack. This is affecting our website, online systems, and services, as well as some onsite services.”
“Following last week’s confirmation that this was a ransomware attack, we now have evidence that indicates the attackers might have copied some user data, and additional data appears to have been published on the dark web,” the library added.
Hundred feet. The Rhysida ransomware gang claimed responsibility for the attack. US federal agencies released an advisory on Rhysida on November 15, warning that “Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors and any ransom paid is split between the group and affiliates.”
The gang offered the internal data at auction on its dark web site, according to Bleeping Computer. The deadline for bids was November 27.
“Open your wallets and be ready to buy exclusive data,” the group wrote. “We sell only to one hand, no reselling, you will be the only owner!”
Slippery slope. As IT Brew has reported, ransomware groups have been leaking data online even after they receive payoffs.
The Center for Internet Security has raised concerns over ransomware gang release of school information, for example, when “cyber criminal organizations are still, six months or nine months later, posting that information on dark web forms for sale—irrespective of, sometimes, the victim paying,” as the group’s cyber threat intelligence manager TJ Sayers told us.