Knowledge Matters blog

As we begin a new year, I'm pleased to confirm that – as promised before Christmas – next Monday 15 January will see the return online of one of the most important datasets for researchers around the world: the main British Library catalogue, including details of our printed books, journals, maps, music scores and rare books. Its absence from the internet has been perhaps the single most visible impact of the criminal cyber attack which took place at the end of October last year, and I want to acknowledge how difficult this has been for all our users.

When the catalogue returns it won’t be in quite the form that long-standing users will be familiar with. Most notably it will be 'read-only', so although you will be able to search for items as before, the process for checking availability and ordering them for to use in the Reading Rooms will be different. We’ll be providing more detailed information and practical guidance when the catalogue goes online on Monday.

In addition I can confirm that from next week we will also be able to provide our readers with access to the majority of the Library's key special collections – the archives, manuscripts and other unique items that are only available here. For the time being you’ll need to come on-site to consult offline versions of the specialist catalogues, but our reference teams will be on hand to help you with searching for and requesting items.

Taken together these developments mean that for the first time since the attack the majority of physical books, archives, maps and manuscripts held in the basements at our St Pancras site will once again be discoverable and useable by our Readers. Although the processes may be slower and more manual than we’ve all been used to, this is the familiar heart of the Library’s offering to researchers and restores a core element of our public service. It will be good to have it back.

Further stages of recovery

Positive as this news is it’s important to stress that there are many further steps ahead. The broader programme of full technical rebuild and recovery from the attack will take time, and we’re keen to listen to our users and the wider research community to ensure we get the priorities right in the months ahead. Some key future milestones, which we will report on in due course, include restoring access to the full range of content held at our Boston Spa site, and also to those parts of our digital collections that are currently unavailable.

Learning lessons for the future

It’s also important, as we enter this crucial new phase of recovery, to say that we are sorry that for the past two months researchers who rely for their studies and in some cases their livelihoods on access to the Library’s collections have been deprived of it. And we are sorry that for all our efforts we were not able to protect some personal data belonging to our users and our staff from being leaked by these hackers.

It has been a sobering couple of months for all of us at the British Library, and we’re determined that others benefit from the experience we have been through. As I said in my previous blog, what happened to us in October has implications for the whole collections sector, and in the months ahead we will begin to share the lessons we’ve learned from this experience with our partners and peer institutions.

We’re also determined that we learn those lessons ourselves, and use this as a moment not just to replicate the systems we ran before, but to improve as we rebuild. At the time the hackers hit we were embarking on a significant round of fresh investment in our core technology infrastructure, as part of the Knowledge Matters strategy we launched last May. That work will now be accelerated, to ensure that what emerges from this unwanted attack is a strengthened British Library that is as ready as it can possibly be to confront whatever future threats emerge from the constantly evolving world of cyber crime.

Other matters and next steps

Another vital part of the Library’s service is the annual provision of payments to authors and other recipients of UK Public Lending Right (PLR). We understand the vital importance of these payments to those who depend upon them, and many will have been understandably anxious since the cyber attack about the impact on this year’s process. I hope that many of those affected will have seen the message the PLR team published last week, giving reassurance that workaround systems are being put in place to ensure that this year’s payments will be made by, at the latest, the statutory deadline at end of March. A detailed timeline will issued by the end of this month, once this year’s Rate Per Loan has been laid in Parliament.

Full recovery of all our services will be a gradual process, but I hope that from next week onwards those users who have been most severely impacted will start to see real progress, and will continue to see improvements going forward. Recent press speculation about the possible cost of the recovery programme was premature as we have yet to confirm what the full costs will be. We remain in close and regular contact with our government sponsor, the Department for Culture, Media and Sport (DCMS), and will work with them to ensure that our recovery takes place on a secure and financially sustainable basis.

In the meantime more detail about the interim catalogue and the manual requesting process will be shared on our website when the catalogue goes live next week. Future progress on restoring access will be announced via our social media channels and our website at bl.uk.

Once again I’d like to thank our community of users, partners and supporters for the patience and support you have shown so far. I also want to thank the many colleagues who have been working hard over recent weeks to make all of these latest developments possible. We will continue to keep you informed about our recovery programme as further milestones are confirmed and implemented.

Sir Roly Keating
Chief Executive

This blog was amended on 15 January to remove an incorrect number.

On the last weekend of October, the British Library became the victim of a major cyber-attack, the impact of which continues to be felt by our staff, our partners and our millions of users.

This was a ransomware attack, by a criminal group known for such activity, and its effects were deep and extensive. Our online systems and services were massively disrupted, our website went down, and we initially lost access to even basic communication tools such as email.

We took immediate action to isolate and protect our network but significant damage was already done: having breached our systems, the attackers had destroyed their route of entry and much else besides, encrypting or deleting parts of our IT estate. They also copied a significant chunk of our data, which they attempted to auction online and, a month later, released most of it onto their site on the dark web.

The Library itself remains a crime scene, with a forensic investigation of our disrupted network still ongoing. In parallel, our teams are examining and analysing the almost 600 gigabytes of leaked material that the attackers dumped online – difficult and complex work that is likely to take months.

Impact and response

The impact of the attack was felt in our Reading Rooms in London and Yorkshire, where collection items could no longer be retrieved, and one of our core responsibilities as the national library – free access to our collection – was put on hold. Essential digital services including our catalogue, our website and our online learning resources went dark, with research services like our popular EThOS collection of more than 600,000 doctoral theses suddenly unavailable.

We alerted our users to the scale of the disruption using our social media channels. Thankfully, we have been able to keep our physical sites open to the public throughout, and although services in the Reading Rooms remain severely limited, the public areas at our St Pancras building are as busy and lively as they have ever been with visits, events and personal study. Our exhibitions on the literature of Fantasy and the writer Malorie Blackman continue to attract the crowds, and in the very week of the cyber-attack we were able to successfully host a five-day fringe event on AI in our Knowledge Centre.

Most fundamentally, we have continued to care for our precious physical collection, and can confirm that the vast datasets held in our Digital Library System, including the digital legal deposit content that it is our statutory duty to collect and preserve, are intact and safe from harm.

Aftershocks

Although this kind of attack was something we had prepared for and rehearsed, and had taken steps to guard against, it was no less of a shock when it happened. It is our purpose to provide access to a collection of 170 million items – open to all and free at the point of use, for research, inspiration and enjoyment – and we found ourselves, that first weekend, at the receiving end of a smash-and-grab operation, and a crude attempt at extortion.

The people responsible for this cyber-attack stand against everything that libraries represent: openness, empowerment, and access to knowledge.

Our sense of outrage increased when the data the attackers stole was dumped onto the dark web. As soon as we were able to confirm it might include the data of Library users, we announced this publicly and emailed our users directly to alert them, and to encourage them to take sensible precautions to protect themselves.

We are continuing to collaborate with the Metropolitan Police and professional cyber security advisors to investigate the situation, and are receiving additional support from the National Cyber Security Centre (NCSC). Should we find evidence of specific data that has been compromised we will alert the people affected as soon as we can.

Reflections and rebuilding

Our experience of the past two months has highlighted a great paradox for knowledge institutions in the digital age. Our deep commitment to openness, access and discovery means that we fully embrace the amazing possibilities that technology enables; while as custodians of our collections we also face an ever-increasing challenge in keeping our digital heritage safe from attack.

Libraries, research and education institutions are being targeted, whether for monetary gain or out of sheer malice. Society more widely, and all of us as individuals need to be alert to this fast-evolving threat. The NCSC provides excellent guidance on staying safe online, as well as specific guidance for individuals who may have been impacted by a data breach. For better or worse, everyone working at the Library now knows a lot more about the dangers of identity fraud than we did barely six weeks ago, and I would recommend to anyone the benefit of being both forewarned and forearmed.

Restoring access

Behind the scenes, teams across the Library have been working hard to develop hybrid services and workarounds that can restore some level of access to our collection, while a much broader programme of secure infrastructure rebuilding gets underway. We are as eager as our Readers to restore access to the collection, but we need to exercise exceptional care to ensure we do nothing to compound the risk of further attack.

From early in the new year you will begin to see a phased return of certain key services, starting with the most crucial of all, our main catalogue, a reference-only version of which will be back online from 15 January, further facilitating the manual ordering which is already available in our Reading Rooms. Other interim services will include increased on-site access to our manuscripts and special collections, and a bespoke inter-library loan capability designed to serve key sectors such as health, higher education and law. Each of these offerings will initially be somewhat different from our normal service, but together they will represent a crucial first stage on our road back to normality.

We know that the journey to full recovery will be a long one, but the weeks since the cyber-attack have demonstrated to me in abundance the expertise, energy and commitment to public service of our staff. This experience has also revealed the incredible understanding and generosity of our vast national and international community of users, supporters and partner institutions, who have patiently kept faith with us as we have navigated this unprecedented challenge. On behalf of all of us at the British Library – thank you.

Sir Roly Keating
Chief Executive

We’re continuing to experience a major technological outage due to a cyber-attack, which is affecting our website and online systems and services, including PLR which the Library administers.

Delay to Irish PLR payments

Unfortunately this means we’re currently unable to distribute Irish PLR statements, or make the payments that were planned for December. Once PLR services are restored, we’ll send out statements and where payments are due, these will be made as soon as we can. We know this may be worrying news and we’re sorry if you have been affected by this delay.

Registering for PLR

We’re currently unable to register new titles or users for PLR payments. However, the deadline to register for inclusion in next year’s payments is not until 30 June 2024. We hope to have a registration system working in advance of this date.

Your PLR data

We know that news of this incident may be unsettling and you may have concerns about your data. We know that the attackers are likely to have copied some data from our internal management databases containing the name, postal address and email address of some PLR users. There is currently no evidence that copies of identity documents used during PLR registration were compromised.

What can you do?

Where we have an email address we’ve contacted all PLR users who may have been affected. As our systems remain unavailable, you won’t be able to change the password you have used to access British Library or PLR services. However, if you use the same password to login to other, non-British Library services we recommend that you change it.

The National Cyber Security Centre (NCSC) provides guidance on staying safe online, as well as specific guidance for individuals who may have been impacted by a data breach.

Over the coming months you should also be particularly alert for phishing emails and scam phone calls or text messages. The NCSC offers advice on how to spot these types of attack.

If you haven’t yet been contacted, or if you have any other questions, you can email us at [email protected]. Alternatively, you can contact our Data Protection Officer at [email protected]. 

Further updates on PLR services

While we anticipate restoring many of our services in the next few weeks, some disruption may persist for several months. At this point we’re unable to say how long PLR services will be disrupted or whether UK PLR payments will be affected too. However, we will update this blog and social media when we have further news to share.

Thank you for your patience and understanding.