ICO: No Further Action on British Library Ransomware Breach


The UK’s data protection regulator has said it will not press on with an investigation into the British Library’s catastrophic ransomware breach.

The October 2023 attack by a Rhysida ransomware affiliate led to the theft of 600GB of internal data, including personally identifiable information (PII) on users and staff, which was put up for sale and then published on the dark web.

The group was also able to encrypt critical data and systems and destroy some servers to disrupt system recovery and preserve its anonymity.

The library, which is a government-sponsored public body, claimed in March 2024 that losses due to the breach had already reached £1.6m ($2.1m). It is now working through an 18-month “renew” phase – building new IT infrastructure through upgrades, adaptations and new technology purchases.

However, the Information Commissioner’s Office (ICO) said in a statement yesterday that its resources would be better spent elsewhere than on investigating whether punitive action is necessary.

“Having carefully considered this particular case, the information commissioner decided that, due to our current priorities, further investigation would not be the most effective use of our resources,” it noted.

“We have provided guidance to the British Library, which has reassured us about its commitment to continue to review and ensure that appropriate security measures are in place to protect people’s data.”

The decision is likely to have been made for several reasons: a lack of ICO resources, an ongoing “public sector approach” which tends to favor consultation over penalties for public bodies, and the library’s extensive postmortem report on the attack.

“Following the incident, the British Library published a cyber incident review in March 2024, which provided an overview of the cyber-attack and key lessons learnt to help other organizations that may experience similar incidents,” the ICO noted in its statement.

“We commend the British Library for being open and transparent about its system vulnerabilities that contributed to the incident, the impact it has had, and the improvements made so far to protect people’s personal information.”

Time to Rebuild

That 18-page report lays bare the challenges facing organizations that have to minimize risk across a potentially large cyber-attack surface.

It’s unclear exactly how the threat group gained initial access to the library’s IT network, although compromise of privileged account credentials is most likely. However, the lack of multi-factor authentication (MFA) on an administrator account enabled the ransomware actors to escalate their attack, the ICO said.

The report highlighted the importance of upgrading to cloud-based systems. While the British Library’s cloud-based email, finance, HR and payroll systems were undamaged, its on-premises systems fared far worse.

Among other things, it has resolved to:

  • Improve network monitoring
  • Implement MFA on all internet-facing endpoints
  • Segment its network
  • Eliminate legacy infrastructure and apps
  • Improve intrusion response processes
  • Regularly train staff and review acceptable IT use policies

Image credit: cowardlion / Shutterstock.com
