The UK’s regulator for privacy and data protection has praised the cultural institution for its transparency and, after issuing guidance, is confident that the ‘appropriate security measures are in place’
The Information Commissioner’s Office has commended the British Library for the openness with which it has responded to a major cyberattack in 2023 – and decided that the incident does not warrant a full investigation.
The ransomware assault on the institution – a government body overseen by the Department for Culture, Media and Sport – took place in October 2023. In the weeks and months afterwards, the British Library suffered significant disruption to its website, digital services, and onsite IT systems.
The attack was swiftly reported to the ICO. In a newly published statement, the data-protection watchdog says that the cyber incident “escalated because of the lack of multi-factor authentication on an administrator account”.
Despite identifying this security shortcoming, the statement goes on to praise the British Library’s response – in particular for its candour. And, after thorough consideration of the details of the incident, the ICO has opted against probing the matter further and more formally.
Related content
- MoD signs £1.5m deal for ‘cyber adversary simulation’
- Cyber Security Week: Analysis – how and where are attackers getting in?
- Downing St updating secret contingencies for Russia cyberattack, report claims
“Following the incident, the British Library published a cyber incident review in March 2024, which provided an overview of the cyberattack and key lessons learnt to help other organisations that may experience similar incidents,” the regulator’s statement said. “We commend the British Library for being open and transparent about its system vulnerabilities that contributed to the incident, the impact it has had, and the improvements made so far to protect people’s personal information.”
It added: “Having carefully considered this particular case, the Information Commissioner decided that, due to our current priorities, further investigation would not be the most effective use of our resources. We have provided guidance to the British Library, which has reassured us about its commitment to continue to review and ensure that appropriate security measures are in place to protect people’s data.”
With its main site located next to King’s Cross station in London, the British Library serves as the UK’s national library, maintaining a collection of more than 170 million items.
“We have millions of books, but we have so much more,” the organisation’s website says.” Our London and Yorkshire sites have everything from newspapers to sound recordings, patents, prints and drawings, maps, and manuscripts.”
