Rare Book Monthly

Articles - April - 2024 Issue

UPDATE: The British Library and Toronto Public Library are still recovering from ransomware cyber attacks which caused massive disruption of services and highlighted weaknesses in their IT systems

Both the British Library and the Toronto Public Library were victims of massive cyber attacks in October 2023.

Two of the world’s largest libraries, The British Library and the Toronto Public Library, were both victims of massive cyber attacks which disabled their computer systems and held them for ransom in October 2023.

 

The British Library is the national library of the UK with holdings of over 170 million items including books, newspapers, maps, sound recordings, patents and stamps. On Oct. 28th it was hit with a massive cyberattack by Rhysida, a hacker group.

 

A ransom of 20 bitcoin (around £596,000 = $754,000) was demanded to restore services and return the stolen data. The attack led to many of the Library's core systems remaining unavailable for months. When it became clear that the library would not comply with the ransom demand, the attackers auctioned 573GB of employees' personal data on the dark web.

 

The site reports that the Library is continuing to experience a major technology problem: “Our buildings are open as usual, however, the outage is still affecting our website, online systems and services, as well as some onsite services. This is a temporary website, with limited content outlining the services that are currently available, as well as what's on at the Library.”

 

On March 8, 2024 the Library issued an 18-page review including an Executive Summary and a detailed section on "Lessons Learned" from the event. (Link to full report read it here)

 

That section (pages 17-18) lists sixteen main points. Among the ones stressed by the library and outside commentators familiar with the situation were: antiquated “legacy” systems, an over-reliance on outsourced tech support, the failure to develop and compensate its own in-house IT expertise, the need for increased security precautions, as well as a greater emphasis on fast recovery after a security breach.

 

The document pointed out: “A significant part of the national collection, across multiple institutions, now exists in digital form – in some cases digital-only – and we all have a vital interest in ensuring that this vast and growing national asset is protected from increasingly sophisticated and destructive cyber-attacks."

 

It also focused on the need for cyber-risk awareness, especially at the upper levels of the organization, specifically: “All senior officers and Board members need to have a clear and holistic understanding of cyber-risk, in order to make optimal strategic investment choices. Current risks and mitigations should be frequently and regularly discussed at senior officer level. The recruitment of a Board member or Board-level adviser with cyber expertise is strongly recommended.”

 

Likewise, last year the Toronto Public Library (TPL), the largest public library system in Canada with 100 branches and over 26 million items in its collection, was also the target of a ransom cyber-attack in October 2023 which caused massive disruption and revealed similar weaknesses in the way information technology and data security is handled.

 

A January 2024 article in Library Journal reported that, “Although TPL managed to keep all of its 100 branches open and host programs throughout the ordeal, patrons were unable to access their library accounts online or use the library’s computers for more than two months. And while TPL has also continued to manually check out print books and other physical materials, the library has been unable to process holds or check the materials back in when they are returned.

 

We’ve got twelve 53-foot tractor trailers filled with returns—well over a million items,” Toronto’s City Librarian Vickery Bowles told LJ in early January 2024. “Ransomware is becoming so pervasive, and it’s affecting organizations dedicated to community well-being such as hospitals, schools, and libraries, of course. I really feel that public sector organizations are becoming targets.”

 

The Toronto Star reported the library system was the victim of Russian cyber extortion group Black Basta, which demanded a $10 million ransom.

 

According to the Library Journal story, TPL did not pay the ransom.

 

We didn’t for a number of reasons, not the least of which is just by paying a ransom you’re funding and fostering further criminal activity,” Bowles said. In addition, law enforcement agencies note that there is no guarantee that the criminals will provide the key to unencrypt an institution’s files once the ransom is paid or refrain from attacking a victim again.

 

Instead, TPL immediately shut down their systems, notified the city of Toronto and its cybersecurity team, the Toronto Police, and the Royal Canadian Mounted Police. TPL also began working with outside legal counsel with expertise in cybersecurity and a separate cybersecurity company to conduct a forensic analysis of the attack.”

 

In Feb. 2024 TLP issued a final report which, though not as detailed as the one from the British Library, stressed the need for improved cybersecurity policies, immediate access to appropriate tech support when a breach occurs, and rebuilding of their network.

 

In other media reports it appears that TLP is still not certain how much of its employee and patron data was compromised.

 

A long article on the cyber attack on the British Library was published in the New Yorker in Dec. 2023

 

Posted On: 2024-04-22 05:48
User Name: jeffro4226

I am sitting here smh wondering how it is possible that whoever is responsible for cybersecurity at these libraries did not have some type of warning system in place. For gods sake it is 2024. How is it possible that a complete take over of the system occurred and no one noticed? Hell if I sign in to my g- mail from an unknown computer I immediately receive notices on my phone etc. Inside job? No way no one knew until ransom notice showed up under their windshield wiper! LOL


Rare Book Monthly

  • Fonsie Mealy’s
    Summer Rare Book
    & Collectors’ Sale
    July 30-31, 2024
    Fonsie Mealy’s, July 30-31: U.S. / European Shipping Archive 1800-1814. The Widow Bermingham & Sons Collection. €7,000 to €10,000.
    Fonsie Mealy’s, July 30-31: Bunreacht na hÉireann. Constitution of Ireland. An important copy of the First Printing of De Valera’s new Constitution, approved in 1938. Signed by the Constitution Cabinet. €7,000 to €9,000.
    Fonsie Mealy’s, July 30-31: A Rare Complete Run of the Cuala Press Broadsides. €7,000 to €9,000.
    Fonsie Mealy’s
    Summer Rare Book
    & Collectors’ Sale
    July 30-31, 2024
    Fonsie Mealy’s, July 30-31: Grose (Francis). The Antiquities of Ireland, 2vols. folio London (for S. Hooper) 1791. Magnificent Hand-Coloured Copy - Only 25 Copies. €3,000 to €5,000.
    Fonsie Mealy’s, July 30-31: Cantillon (Richard). Essai sur la Nature du Commerce en General, Traduit de l'Anglois, Sm. 8vo London (Fletcher Gyles) 1756. €3,000 to €4,000.
    Fonsie Mealy’s, July 30-31: Gregory, (Lady Augusta). Spreading the News: The Rising of the Moon: The Poorhouse (with Douglas Hyde). Being Vol. IX of the Abbey Theatre Series. €3,000 to €4,000.
    Fonsie Mealy’s
    Summer Rare Book
    & Collectors’ Sale
    July 30-31, 2024
    Fonsie Mealy’s, July 30-31: Lavery (Lady Hazel). A moving series of three A.L.S. and a Telegram to Gen. Eoin O'Duffy, July-August 1927, expressing her grief at the death of Kevin O'Higgins. €3,000 to €4,000.
    Fonsie Mealy’s, July 30-31: Dampier (Wm.) Nouveau Voyage Autour du Monde, ou l'on descrit en particulier l'Isthme de l'Amerique…, 2 vols. in one, Amsterdam, 1698. €800 to €1,200.
    Fonsie Mealy’s, July 30-31: Howell (James). Instructions for Forreine Travel Shewing by what Cours, and in what Compasse of Time…, London, 1642. €800 to €1,200.
    Fonsie Mealy’s
    Summer Rare Book
    & Collectors’ Sale
    July 30-31, 2024
    Fonsie Mealy’s, July 30-31: Rowling (J.K.) Harry Potter and the Philosopher's Stone, 8vo, L. (Bloomsbury) 1999, First Edn., First Printing of Deluxe Collectors Edn. Signed. €800 to €1,200.
    Fonsie Mealy’s, July 30-31: James (Wm.) A Full and Correct Account of the Military Occurrences of The Late War Between Great Britain and The United States of America. 2 vols. Lond. 1818. €650 to €900.
    Fonsie Mealy’s, July 30-31: The Laws of the United States, Published by Authority, 3 vols. Philadelphia (Richard Folwell) 1796. €600 to €800.

Article Search

Archived Articles

Ask Questions