# British Library cyberattack

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/British_Library_cyberattack
> Markdown URL: https://mediated.wiki/source/British_Library_cyberattack.md
> Source: https://en.wikipedia.org/wiki/British_Library_cyberattack
> Source revision: 1345628423
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Ransomware attack on major UK library

This article needs to be updated. Please help update this article to reflect recent events or newly available information. (March 2025)

Entrance gate to the British Library on [Euston Road](/source/Euston_Road), [St Pancras](/source/St_Pancras%2C_London), London, looking towards the [Newton statue](/source/Newton_(Paolozzi))

In October 2023, [Rhysida](/source/Rhysida_(hacker_group)), a [hacker group](/source/Hacker_group), attacked the online information systems of the [British Library](/source/British_Library). They demanded a ransom of 20 [bitcoin](/source/Bitcoin), at the time around [£](/source/Pound_sterling)596,000, to restore services and return the stolen data. When the British Library did not acquiesce to the demands, Rhysida publicly released approximately 600GB of leaked material online. Services at the library were severely disrupted for months. It has been described as "one of the worst cyber incidents in British history".[1]

The main catalogue returned online on 15 January 2024 in a [read-only](/source/Read-only_access) format, although some of the library's services are expected to remain unavailable for months. The British Library will use about 40 percent of its financial reserves, around £6–7 million, to recover from the attack.

## Background

The [British Library](/source/British_Library) is a [non-departmental public body](/source/Non-departmental_public_body) which in 2023 held around 14 million books, as well as millions of other items.[2][3] It is the largest library in the United Kingdom.[4] The Library was protected by [firewalls](/source/Firewall_(computing)) and [antivirus software](/source/Antivirus_software) but did not have a [multi-factor authentication](/source/Multi-factor_authentication) (MFA) policy that covered all organizational assets. The Library had installed a new Terminal Services server in February 2020 to facilitate [remote access](/source/Remote_access_service) to third-party providers during the [COVID-19 pandemic](/source/COVID-19_pandemic); this was the server on which unauthorized access was first detected during the attack. The library had achieved accreditation for the "Cyber Essentials Plus" in 2019; however, in 2022 the accreditation standards changed which made the library non-compliant. In 2020, the Library, in light of the COVID-19 pandemic, implemented MFA, however, a Library report clarified that "...but for reasons of practicality, cost and impact on ongoing Library programmes, it was decided at this time that connectivity to the British Library domain (including machine log-on access and access to on-premise servers) would be out of scope for MFA implementation, pending further renewal of the Library’s infrastructure."[5] Due to these circumstances, the Library's servers were vulnerable to attack due to identified increasing third-party cybersecurity risks and a series of emergency decisions to quickly secure their infrastructure while adapting to change due to the COVID-19 pandemic.

[Rhysida](/source/Rhysida_(hacker_group)) is a hacker group and "[ransomware as a service](/source/Ransomware_as_a_service)" provider already known for its attacks on vital infrastructure such as schools, hospitals and government agencies, having become known to [intelligence services](/source/Intelligence_agency) in May 2023.[3][6] It had previously attacked the [Chilean Army](/source/Chilean_Army), a medical research lab in Australia, and health-care company [Prospect Medical Holdings](/source/Prospect_Medical_Holdings).[6]

The British Library attack was part of a larger pattern of [cyberattacks](/source/Cyberattack) at this time against cultural institutions. These attacks had previously affected the [Metropolitan Opera](/source/Metropolitan_Opera) in [New York City](/source/New_York_City) and [Natural History Museum](/source/Natural_History_Museum%2C_Berlin) in [Berlin](/source/Berlin).[7]

## Timeline of events

### 2023

- **28 October:** At 9:54 a.m. [GMT](/source/Greenwich_Mean_Time), The British Library states on [Twitter](/source/Twitter) that it is experiencing "technical issues affecting our website". By midmorning, issues include a public [Wi-Fi](/source/Wi-Fi) outage and non-functional online catalogue.[6][3][8]

- **29 October:** The Library announces on [Twitter](/source/Twitter) that it is experiencing a "technology outage".[6]

- **30 October:** The Library reopens after the weekend "in a pre-digital state", according to *[The New Yorker](/source/The_New_Yorker)*. Its website, phone lines, ticket sales, reader registrations, and card transactions are non-functional. Deliveries from the Library's [Boston Spa](/source/Boston_Spa) site are put on hold.[6]

- **31** **October:** The Library confirms publicly that the outage is the consequence of a cyberattack.[9] It launches an investigation alongside the [National Cyber Security Centre](/source/National_Cyber_Security_Centre_(United_Kingdom)) (NCSC) and other cybersecurity specialists.[10]

- **16 November:** An attempt at digital extortion, also known as a ransomware attack, is confirmed by the Library.[9]

- **20 November:** Rhysida claims responsibility for the breach and launches a week-long auction for 490,191 files of data on the [dark web](/source/Dark_web), opening bidding at 20 bitcoin, at the time equivalent to about [£](/source/Pound_sterling)596,000, for a single buyer.[2][6] It sets the auction deadline to 8 a.m. GMT on 27 November and advertises it with [low-resolution](/source/Image_resolution) images which appear to show [HM Revenue and Customs](/source/HM_Revenue_and_Customs) documents, [employment contracts](/source/Employment_contract) and [passport](/source/Passport) information.[2][4] It claims the data is "exclusive, unique and impressive".[3] The Library states that the leaked data appears to be from its internal [human resources](/source/Human_resources) files.[4]

- **27 November:** Rhysida makes 90 percent of the stolen data, approximately 600GB, freely available for anyone on the dark web to download after the British Library refuses to pay the ransom.[6][11]

### 2024

- **5 January:** The Financial Times reports that the Library would use around 40 percent of its financial reserves to recover from the attack, estimated at around £6–7 million.[12]

- **10 January:** The Library announces that some of its services will return online from 15 January, with access stated by [Roly Keating](/source/Roly_Keating), chief executive of the Library, to be "slower and more manual" than before the attack. Keating apologises that "for the past two months researchers who rely for their studies and in some cases for their livelihoods on access to the library's collection have been deprived of it".[13][14]

- **15 January:** The British Library's main online catalogue is restored in a read-only format. Users are able to search the main catalogue, but the process of checking availability and ordering items is different. Access to key special collections is restored but for in-person visits only.[13][14][15][16]

- **8 March:** Roly Keating authors a blog post to the British Library website announcing the availability of a report that "gives a description and timeline of the attack, to the best of our current understanding, and its implications for the Library’s operations, future infrastructure and risk assessment."[17][5] The report announced that it was undertaking a "Rebuild & Renew" scheme "to ensure its future ability to respond to incidents of a similar scale in a consistent and structured way", including a "considerable shift" away from on-site technologies and onto the [cloud](/source/Cloud_computing).[18]

- **30 July:** Library announces that remote ordering of physical media for delivery to the Reading Rooms will be available by September 2024. Digital versions of historically significant manuscripts will be re-released incrementally beginning in September, based on a "prioritised list of manuscripts based on criteria including the items that were most requested prior to the cyber-attack and items to which Reading Room access is restricted." Educational websites, and digital academic journals, will also be restored before the academic year 2024–25, to the extent possible. Digital ordering of items in the Automated Storage Building is expected to go back online in August 2024.[19]

### 2025

- Access to the library collection was halted between the 1st of December to 7th December to allow for a [LMS](/source/Integrated_library_system) changeover to the [Ex Libris](/source/Ex_Libris_Group) software Alma.[20][21]

- Following the changeover a new online catalogue interface was made available on the 8th December for requests.[20]

- As of November 1, services are still heavily affected. Many services at the library are still unavailable, including ebooks, its archives and manuscripts catalogue, and online journal articles[22].

## Attack methods

The Library stated that the attackers probably used a [phishing](/source/Phishing), [spear-phishing](/source/Phishing#Spear_phishing) or [brute-force attack](/source/Brute-force_attack) facilitated by a compromise of third-party credentials as well as a lack of use of multi-factor authentication by third-party contractors. After gaining access, Rhysida used three methods to identify and copy the 600GB of documents during the attack, including personal details of Library users and staff. These were:[18]

1. A targeted attack that copied full sections of [network drives](/source/File_server) of the Library's Finance, Technology and People teams, which made up 60% of all content copied.

1. A keyword attack which scanned for files and folders that used sensitive keywords in their names, including 'passport' or 'confidential', which constituted 40% of the copied data and included files from [corporate networks](/source/Corporate_network) and personal drives used by staff.

1. A hijacking of native utilities, which were then used to forcibly create backup copies of 22 databases of data including contact details of external users and customers.

Furthermore, Rhysida and its affiliates destroyed servers to inhibit system recovery and [forensic analysis](/source/Forensic_science).[18]

## Impact

While the process of calculating the full financial impact of the attack is ongoing,[18] there were a number of impacts to the functioning of the library following the attack. These include:

- Library items from its Boston Spa branch could not be transferred to the London site.[8]

- Around 20,000 writers, illustrators and translators who usually received [Public Lending Right](/source/Public_Lending_Right) payments from borrowed books had their payments delayed.[23][8]

- The Library's 2024–25 visiting fellowship programme was suspended.[8]

- The computerised catalogue was offline for months, with partial restoration in January 2024.[8]

- The [EThOS](/source/E-Theses_Online_Service) collection of British [doctoral theses](/source/Thesis) remained offline as of 19 December 2023.[6]

- An estimated £6–7 million in costs to recover from the attack.[12]

- As of 4 November 2024, British Library electronic resources web pages redirect to a page with the statement, "We're continuing to experience a major technology outage as a result of a cyber-attack. Our buildings are open as usual, however, the outage is still affecting our website, online systems and services, as well as some onsite services. This is a temporary website, with limited content, which outlines the services that are currently available, as well as what's on at the Library."[24]

## See also

- [WannaCry ransomware attack](/source/WannaCry_ransomware_attack)

- [Internet Archive cyberattack](/source/Internet_Archive#Cyberattacks)

## References

1. **[^](#cite_ref-1)** Ash, Lamorna (6 February 2024). ["Thanks to a shadowy hacker group, the British Library is still on its knees. Is there any way to stop them?"](https://www.theguardian.com/commentisfree/2024/feb/06/hacker-british-library-cybersecurity-cybercrime-uk). *[The Guardian](/source/The_Guardian)*. [ISSN](/source/ISSN_(identifier)) [0261-3077](https://search.worldcat.org/issn/0261-3077). Retrieved 2024-02-22.

1. ^ [***a***](#cite_ref-:02_2-0) [***b***](#cite_ref-:02_2-1) [***c***](#cite_ref-:02_2-2) Sherwood, Harriet (22 November 2023). ["Personal data stolen in British Library cyber-attack appears for sale online"](https://www.theguardian.com/technology/2023/nov/22/personal-data-stolen-in-british-library-cyber-attack-appears-for-sale-online). *[The Guardian](/source/The_Guardian)*. [ISSN](/source/ISSN_(identifier)) [0261-3077](https://search.worldcat.org/issn/0261-3077). [Archived](https://web.archive.org/web/20231209004316/https://www.theguardian.com/technology/2023/nov/22/personal-data-stolen-in-british-library-cyber-attack-appears-for-sale-online) from the original on 2023-12-09. Retrieved 2024-01-15.

1. ^ [***a***](#cite_ref-:13_3-0) [***b***](#cite_ref-:13_3-1) [***c***](#cite_ref-:13_3-2) [***d***](#cite_ref-:13_3-3) Uddin, Rafe; Stacey, Stephanie (21 November 2023). ["Cyber attack on British Library raises concerns over lack of UK resilience"](https://www.ft.com/content/642ee014-4768-4c65-b1ee-0d4f39a8a63d). *[Financial Times](/source/Financial_Times)*. [Archived](https://web.archive.org/web/20231230183853/https://www.ft.com/content/642ee014-4768-4c65-b1ee-0d4f39a8a63d) from the original on 2023-12-30. Retrieved 2024-01-15.

1. ^ [***a***](#cite_ref-:4_4-0) [***b***](#cite_ref-:4_4-1) [***c***](#cite_ref-:4_4-2) Rufo, Yasmin (21 November 2023). ["British Library: Employee data leaked in cyber attack"](https://www.bbc.com/news/entertainment-arts-67484639). *[BBC News](/source/BBC_News)*. [Archived](https://web.archive.org/web/20240116115449/https://www.bbc.com/news/entertainment-arts-67484639) from the original on 2024-01-16. Retrieved 2024-01-16.

1. ^ [***a***](#cite_ref-Library_Review_5-0) [***b***](#cite_ref-Library_Review_5-1) ["Learning from the cyber-attack: British Library cyber incident review"](https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf) (PDF). British Library. 8 March 2024. Retrieved 2026-01-16.

1. ^ [***a***](#cite_ref-:0_6-0) [***b***](#cite_ref-:0_6-1) [***c***](#cite_ref-:0_6-2) [***d***](#cite_ref-:0_6-3) [***e***](#cite_ref-:0_6-4) [***f***](#cite_ref-:0_6-5) [***g***](#cite_ref-:0_6-6) [***h***](#cite_ref-:0_6-7) Knight, Sam (19 December 2023). ["The Disturbing Impact of the Cyberattack at the British Library"](https://www.newyorker.com/news/letter-from-the-uk/the-disturbing-impact-of-the-cyberattack-at-the-british-library). *[The New Yorker](/source/The_New_Yorker)*. [ISSN](/source/ISSN_(identifier)) [0028-792X](https://search.worldcat.org/issn/0028-792X). [Archived](https://web.archive.org/web/20231220114107/https://www.newyorker.com/news/letter-from-the-uk/the-disturbing-impact-of-the-cyberattack-at-the-british-library) from the original on 2023-12-20. Retrieved 2024-01-16.

1. **[^](#cite_ref-7)** Harris, Gareth (22 December 2023). ["As British Library faces fallout of cyber attack—what can arts bodies do to combat ransomware threats?"](https://www.theartnewspaper.com/2023/12/22/as-british-library-faces-fallout-of-cyber-attackwhat-can-arts-bodies-do-to-fight-off-wave-of-ransomware-threats). *[The Art Newspaper](/source/The_Art_Newspaper)*. [Archived](https://web.archive.org/web/20240114170007/https://www.theartnewspaper.com/2023/12/22/as-british-library-faces-fallout-of-cyber-attackwhat-can-arts-bodies-do-to-fight-off-wave-of-ransomware-threats) from the original on 2024-01-14. Retrieved 2024-01-15.

1. ^ [***a***](#cite_ref-:5_8-0) [***b***](#cite_ref-:5_8-1) [***c***](#cite_ref-:5_8-2) [***d***](#cite_ref-:5_8-3) [***e***](#cite_ref-:5_8-4) Sherwood, Harriet (15 January 2024). ["'A 22-carat disaster': what next for British Library staff and users after data theft?"](https://www.theguardian.com/books/2024/jan/15/british-library-cyber-attack-staff-users-analysis). *[The Guardian](/source/The_Guardian)*. [Archived](https://web.archive.org/web/20240115210514/https://www.theguardian.com/books/2024/jan/15/british-library-cyber-attack-staff-users-analysis) from the original on 2024-01-15. Retrieved 2024-01-15.

1. ^ [***a***](#cite_ref-:3_9-0) [***b***](#cite_ref-:3_9-1) Scroxton, Alex (15 January 2024). ["British Library cyber attack explained: What you need to know"](https://www.computerweekly.com/feature/British-Library-cyber-attack-explained-What-you-need-to-know). *[Computer Weekly](/source/Computer_Weekly)*. [Archived](https://web.archive.org/web/20240116013818/https://www.computerweekly.com/feature/British-Library-cyber-attack-explained-What-you-need-to-know) from the original on 2024-01-16. Retrieved 2024-01-16.

1. **[^](#cite_ref-10)** Banfield-Nwachi, Mabel (31 October 2023). ["British Library suffering major technology outage after cyber-attack"](https://www.theguardian.com/books/2023/oct/31/british-library-suffering-major-technology-outage-after-cyber-attack). *[The Guardian](/source/The_Guardian)*. [ISSN](/source/ISSN_(identifier)) [0261-3077](https://search.worldcat.org/issn/0261-3077). [Archived](https://web.archive.org/web/20231108142221/https://www.theguardian.com/books/2023/oct/31/british-library-suffering-major-technology-outage-after-cyber-attack) from the original on 2023-11-08. Retrieved 2024-01-15.

1. **[^](#cite_ref-:1_11-0)** Adams, Geraldine Kendall (20 December 2023). ["Museums on alert following British Library cyber attack"](https://www.museumsassociation.org/museums-journal/news/2023/12/museums-on-alert-following-british-library-cyber-attack/). *[Museums Association](/source/Museums_Association)*. [Archived](https://web.archive.org/web/20231223000618/https://www.museumsassociation.org/museums-journal/news/2023/12/museums-on-alert-following-british-library-cyber-attack/) from the original on 2023-12-23. Retrieved 2023-12-23.

1. ^ [***a***](#cite_ref-:6_12-0) [***b***](#cite_ref-:6_12-1) Uddin, Rafe; Thomas, Daniel (5 January 2024). ["British Library to burn through reserves to recover from cyber attack"](https://www.ft.com/content/4be5d468-0cc3-4881-a5fb-b5d0163de93e). *[Financial Times](/source/Financial_Times)*. [Archived](https://web.archive.org/web/20240116115449/https://www.ft.com/content/4be5d468-0cc3-4881-a5fb-b5d0163de93e) from the original on 2024-01-16. Retrieved 2024-01-16.

1. ^ [***a***](#cite_ref-:7_13-0) [***b***](#cite_ref-:7_13-1) Gross, Jenny (15 January 2024). ["Months After Cyberattack, British Library Crawls Back Online"](https://www.nytimes.com/2024/01/15/arts/british-library-cyberattack.html). *[The New York Times](/source/The_New_York_Times)*. [ISSN](/source/ISSN_(identifier)) [0362-4331](https://search.worldcat.org/issn/0362-4331). [Archived](https://web.archive.org/web/20240116115449/https://www.nytimes.com/2024/01/15/arts/british-library-cyberattack.html) from the original on 2024-01-16. Retrieved 2024-01-16.

1. ^ [***a***](#cite_ref-:8_14-0) [***b***](#cite_ref-:8_14-1) Sherwood, Harriet (15 January 2024). ["British Library begins restoring digital services after cyber-attack"](https://www.theguardian.com/books/2024/jan/15/british-library-begins-restoring-digital-services-after-cyber-attack). *[The Guardian](/source/The_Guardian)*. [ISSN](/source/ISSN_(identifier)) [0261-3077](https://search.worldcat.org/issn/0261-3077). [Archived](https://web.archive.org/web/20240116115450/https://www.theguardian.com/books/2024/jan/15/british-library-begins-restoring-digital-services-after-cyber-attack) from the original on 2024-01-16. Retrieved 2024-01-16.

1. **[^](#cite_ref-:2_15-0)** Nanji, Noor (15 January 2024). ["British Library starts restoring services online after hack"](https://www.bbc.com/news/entertainment-arts-67976183). *[BBC News](/source/BBC_News)*. [Archived](https://web.archive.org/web/20240115194015/https://www.bbc.com/news/entertainment-arts-67976183) from the original on 2024-01-15. Retrieved 2024-01-15.

1. **[^](#cite_ref-16)** Simpson, Craig (15 January 2024). ["British Library restoring online services after cyber attack"](https://www.telegraph.co.uk/news/2024/01/15/british-library-rhysida-hack-restores-online-services/). *[The Telegraph](/source/The_Daily_Telegraph)*. [ISSN](/source/ISSN_(identifier)) [0307-1235](https://search.worldcat.org/issn/0307-1235). [Archived](https://web.archive.org/web/20240116115449/https://www.telegraph.co.uk/news/2024/01/15/british-library-rhysida-hack-restores-online-services/) from the original on 2024-01-16. Retrieved 2024-01-16.

1. **[^](#cite_ref-17)** Keating, Roly (8 March 2024). ["Learning lessons from the cyber-attack"](https://blogs.bl.uk/living-knowledge/2024/03/learning-lessons-from-the-cyber-attack.html). *Knowledge Matters blog*. British Library. Retrieved 2024-03-08.

1. ^ [***a***](#cite_ref-:9_18-0) [***b***](#cite_ref-:9_18-1) [***c***](#cite_ref-:9_18-2) [***d***](#cite_ref-:9_18-3) Coker, James (11 March 2024). ["Third-Party Breach and Missing MFA Led to British Library Attack"](https://www.infosecurity-magazine.com/news/third-party-mfa-british-library/). *[Infosecurity Magazine](https://en.wikipedia.org/w/index.php?title=Infosecurity_Magazine&action=edit&redlink=1)*. Retrieved 2024-03-12.

1. **[^](#cite_ref-19)** ["Restoring our services – 30 July 2024 update"](https://blogs.bl.uk/living-knowledge/2024/07/restoring-our-services-30-july-2024-update-.html). *blogs.bl.uk*.

1. ^ [***a***](#cite_ref-:10_20-0) [***b***](#cite_ref-:10_20-1) Maxwell, Jamie. ["Guides: What's currently available: Introduction"](https://bl.libguides.com/currently-available/introduction). *bl.libguides.com*. Retrieved 2025-11-24.

1. **[^](#cite_ref-21)** ["The British Library Selects Clarivate to Provide Library Services"](https://exlibrisgroup.com/announcement/the-british-library-selects-clarivate-to-provide-library-services-and-discovery-platforms/). Retrieved 2025-11-24.

1. **[^](#cite_ref-22)** Stavrou, Athena (1 November 2025). ["'People have had to move house': Inside the British Library, two years on from devastating cyber attack"](https://www.independent.co.uk/news/uk/home-news/british-library-strike-cyber-attack-b2855495.html). *The Independent*. Retrieved 2025-12-31.{{[cite news](https://en.wikipedia.org/wiki/Template:Cite_news)}}: CS1 maint: url-status ([link](https://en.wikipedia.org/wiki/Category:CS1_maint:_url-status))

1. **[^](#cite_ref-23)** Barnett, David (6 January 2024). ["Richard Osman among authors missing royalties amid ongoing cyber-attack on British Library"](https://www.theguardian.com/books/2024/jan/06/authors-missing-borrowing-royalties-british-library-cyber-attack). *[The Observer](/source/The_Observer)*. [ISSN](/source/ISSN_(identifier)) [0029-7712](https://search.worldcat.org/issn/0029-7712). [Archived](https://web.archive.org/web/20240116115449/https://www.theguardian.com/books/2024/jan/06/authors-missing-borrowing-royalties-british-library-cyber-attack) from the original on 2024-01-16. Retrieved 2024-01-16.

1. **[^](#cite_ref-24)** ["Sorry we can't find that page"](https://www.bl.uk/eresources/remote/about.html). *British Library (bl.uk)*. Retrieved 2024-11-04.

v t e Hacking in the 2020s ← 2010s Timeline of security hacking incidents Timeline of computer viruses and worms Major incidents 2020 BlueLeaks Twitter account hijacking European Medicines Agency data breach Nintendo data leak United States federal government data breach EasyJet data breach Vastaamo data breach Windows XP Service Pack 1 and Server 2003 RTM source code leaks 2021 Microsoft Exchange Server breach Ivanti Pulse Connect Secure data breach Colonial Pipeline ransomware attack Health Service Executive ransomware attack Waikato District Health Board ransomware attack JBS S.A. ransomware attack Kaseya VSA ransomware attack Transnet ransomware attack Epik data breach FBI email hack National Rifle Association ransomware attack Banco de Oro hack Iranian fuel cyberattack 2022 Ukraine cyberattacks Red Cross data breach Anonymous and the Russian invasion of Ukraine Viasat hack DDoS attacks on Romania Costa Rican ransomware attack LastPass vault theft Shanghai police database leak Grand Theft Auto VI content leak Optus data breach 2023 Munster Technological University ransomware attack Capita data breach Evide data breach MOVEit data breach Insomniac Games data breach Operation Triangulation cyberattack British Library cyberattack 2024 XZ Utils backdoor Kadokawa and Niconico Change Healthcare ransomware attack Ukrainian cyberattacks against Russia 2024 WazirX hack Trump campaign hack Fur Affinity domain hijacking IRLeaks attack on Iranian banks Internet Archive data breach i-Soon leak 2024 global telecommunications hack 2024 National Public Data breach 2025 Cyberattacks on Bank Sepah 2025 Paraguay ransomware attack 4chan hacking and data breach 2025 St. Paul cyberattack Jaguar Land Rover cyberattack Collins Aerospace cyberattack 2025 cyberattack on Polish power grid 2026 Aura (security) data breach ManageMyHealth data breach Neighbourly data breach Cyberwarfare during the 2026 Iran war 2026 Canvas data breach Groups Anonymous associated events Anonymous Sudan Berserk Bear BlackCat Clop Cozy Bear DarkMatter DarkSide Dark Storm Team Dridex Ghostwriter GnosticPlayers Guacamaya Hafnium Indian Cyber Force IT Army of Ukraine Killnet Lapsus$ LightBasin LockBit OceanLotus REvil Rhysida Sandworm Sakura Samurai ShinyHunters SiegedSec Vice Society Wizard Spider Individuals Graham Ivan Clark maia arson crimew IntelBroker Kirtaner Major vulnerabilities publicly disclosed SMBGhost (2020) Thunderspy (2020) PrintNightmare (2021) FORCEDENTRY (2021) Log4Shell (2021) Account pre-hijacking (2022) Retbleed (2022) Downfall (2023) LogoFAIL (2023) Reptar (2023) Terrapin (2023) GoFetch (2024) Sinkclose (2024) Copy Fail (2026) Malware Adrozek CovidLock Drovorub Predator BlackLotus Cyclops Blink Pipedream Akira ClickFix Gayfemboy BootKitty

---
Adapted from the Wikipedia article [British Library cyberattack](https://en.wikipedia.org/wiki/British_Library_cyberattack) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/British_Library_cyberattack?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
