Rare Book Monthly

Articles - April - 2024 Issue

UPDATE: The British Library and Toronto Public Library are still recovering from ransomware cyber attacks which caused massive disruption of services and highlighted weaknesses in their IT systems

Both the British Library and the Toronto Public Library were victims of massive cyber attacks in October 2023.

Both the British Library and the Toronto Public Library were victims of massive cyber attacks in October 2023.

Two of the world’s largest libraries, The British Library and the Toronto Public Library, were both victims of massive cyber attacks which disabled their computer systems and held them for ransom in October 2023.

 

The British Library is the national library of the UK with holdings of over 170 million items including books, newspapers, maps, sound recordings, patents and stamps. On Oct. 28th it was hit with a massive cyberattack by Rhysida, a hacker group.

 

A ransom of 20 bitcoin (around £596,000 = $754,000) was demanded to restore services and return the stolen data. The attack led to many of the Library's core systems remaining unavailable for months. When it became clear that the library would not comply with the ransom demand, the attackers auctioned 573GB of employees' personal data on the dark web.

 

The site reports that the Library is continuing to experience a major technology problem: “Our buildings are open as usual, however, the outage is still affecting our website, online systems and services, as well as some onsite services. This is a temporary website, with limited content outlining the services that are currently available, as well as what's on at the Library.”

 

On March 8, 2024 the Library issued an 18-page review including an Executive Summary and a detailed section on "Lessons Learned" from the event. (Link to full report read it here)

 

That section (pages 17-18) lists sixteen main points. Among the ones stressed by the library and outside commentators familiar with the situation were: antiquated “legacy” systems, an over-reliance on outsourced tech support, the failure to develop and compensate its own in-house IT expertise, the need for increased security precautions, as well as a greater emphasis on fast recovery after a security breach.

 

The document pointed out: “A significant part of the national collection, across multiple institutions, now exists in digital form – in some cases digital-only – and we all have a vital interest in ensuring that this vast and growing national asset is protected from increasingly sophisticated and destructive cyber-attacks."

 

It also focused on the need for cyber-risk awareness, especially at the upper levels of the organization, specifically: “All senior officers and Board members need to have a clear and holistic understanding of cyber-risk, in order to make optimal strategic investment choices. Current risks and mitigations should be frequently and regularly discussed at senior officer level. The recruitment of a Board member or Board-level adviser with cyber expertise is strongly recommended.”

 

Likewise, last year the Toronto Public Library (TPL), the largest public library system in Canada with 100 branches and over 26 million items in its collection, was also the target of a ransom cyber-attack in October 2023 which caused massive disruption and revealed similar weaknesses in the way information technology and data security is handled.

 

A January 2024 article in Library Journal reported that, “Although TPL managed to keep all of its 100 branches open and host programs throughout the ordeal, patrons were unable to access their library accounts online or use the library’s computers for more than two months. And while TPL has also continued to manually check out print books and other physical materials, the library has been unable to process holds or check the materials back in when they are returned.

 

We’ve got twelve 53-foot tractor trailers filled with returns—well over a million items,” Toronto’s City Librarian Vickery Bowles told LJ in early January 2024. “Ransomware is becoming so pervasive, and it’s affecting organizations dedicated to community well-being such as hospitals, schools, and libraries, of course. I really feel that public sector organizations are becoming targets.”

 

The Toronto Star reported the library system was the victim of Russian cyber extortion group Black Basta, which demanded a $10 million ransom.

 

According to the Library Journal story, TPL did not pay the ransom.

 

We didn’t for a number of reasons, not the least of which is just by paying a ransom you’re funding and fostering further criminal activity,” Bowles said. In addition, law enforcement agencies note that there is no guarantee that the criminals will provide the key to unencrypt an institution’s files once the ransom is paid or refrain from attacking a victim again.

 

Instead, TPL immediately shut down their systems, notified the city of Toronto and its cybersecurity team, the Toronto Police, and the Royal Canadian Mounted Police. TPL also began working with outside legal counsel with expertise in cybersecurity and a separate cybersecurity company to conduct a forensic analysis of the attack.”

 

In Feb. 2024 TLP issued a final report which, though not as detailed as the one from the British Library, stressed the need for improved cybersecurity policies, immediate access to appropriate tech support when a breach occurs, and rebuilding of their network.

 

In other media reports it appears that TLP is still not certain how much of its employee and patron data was compromised.

 

A long article on the cyber attack on the British Library was published in the New Yorker in Dec. 2023

 

Posted On: 2024-04-22 05:48
User Name: jeffro4226

I am sitting here smh wondering how it is possible that whoever is responsible for cybersecurity at these libraries did not have some type of warning system in place. For gods sake it is 2024. How is it possible that a complete take over of the system occurred and no one noticed? Hell if I sign in to my g- mail from an unknown computer I immediately receive notices on my phone etc. Inside job? No way no one knew until ransom notice showed up under their windshield wiper! LOL


Rare Book Monthly

  • High Bids Win
    Rare Books, Catalogs, Magazines
    and Machine Manuals
    December 24 to January 9
    High Bids Win, Dec. 24 – Jan. 9: Ellis Smith Prints unsigned. 20” by 16”.
    High Bids Win, Dec. 24 – Jan. 9: United typothetae of America presidents. Pictures of 37 UTA presidents 46th annual convention United typothetae of America Cincinnati 1932.
    High Bids Win, Dec. 24 – Jan. 9: Henri de Toulouse-Lautrec signed Paper Impressionism Art Prints. MayMilton 9 1/2” by 13” Reine de Joie 9 1/2” by 13”.
    High Bids Win
    Rare Books, Catalogs, Magazines
    and Machine Manuals
    December 24 to January 9
    High Bids Win, Dec. 24 – Jan. 9: Aberle’ Ballet editions. 108th triumph, American season spring and summer 1944.
    High Bids Win, Dec. 24 – Jan. 9: Puss ‘n Boots. 1994 Charles Perrult All four are signed by Andreas Deja
    High Bids Win, Dec. 24 – Jan. 9: Specimen book of type faces. Job composition department, Philadelphia gazette publishing company .
    High Bids Win
    Rare Books, Catalogs, Magazines
    and Machine Manuals
    December 24 to January 9
    High Bids Win, Dec. 24 – Jan. 9: An exhibit of printed books, Bridwell library.
    High Bids Win, Dec. 24 – Jan. 9: A Connecticut Yankee in King Arthur Court By Mark Twain 1889.
    High Bids Win, Dec. 24 – Jan. 9: 1963 Philadelphia Eagles official program.
    High Bids Win
    Rare Books, Catalogs, Magazines
    and Machine Manuals
    December 24 to January 9
    High Bids Win, Dec. 24 – Jan. 9: 8 - Esquire the magazine for men 1954.
    High Bids Win, Dec. 24 – Jan. 9: The American printer, July 1910.
    High Bids Win, Dec. 24 – Jan. 9: Leaves of grass 1855 by Walt Whitman.
  • Sotheby's
    Fine Books, Manuscripts & More
    Available for Immediate Purchase
    Sotheby’s: William Shakespeare.
    The Poems and Sonnets of William Shakespeare, 1960. 7,210 USD
    Sotheby’s: Charles Dickens.
    A Christmas Carol, First Edition, 1843. 17,500 USD
    Sotheby’s: William Golding.
    Lord of the Flies, First Edition, 1954. 5,400 USD
    Sotheby's
    Fine Books, Manuscripts & More
    Available for Immediate Purchase
    Sotheby’s: Lewis Carroll.
    Through the Looking Glass and What Alice Found There, Inscribed First Edition, 1872. 25,000 USD
    Sotheby’s: J.R.R. Tolkien.
    The Hobbit, First Edition, 1937. 12,000 USD
    Sotheby’s: John Milton.
    Paradise Lost, 1759. 5,400 USD

Article Search

Archived Articles

Ask Questions