Written by Rebecca Drummond, Assistant Registrar, National Museums Scotland

In October 2023, the British Library experienced a cyber-attack. Whilst much of the media coverage has focused on the technology aspects and the effects on visitors and readers, Morgan’s presentation highlighted the ongoing impact on staff – both their ways of working and the emotional impact.

Morgan began by setting out how the crisis initially unfolded, with staff unable to log on to the network and a series of social media posts announcing that the British Library (BL) was experiencing a “technology outage”. Despite this, staff were initially expected to continue work as normal, until the scale of the issue became clear and they received a notification to log off and shut down immediately.

A public report issued by the British Library on 8 March 2024 explained that a criminal gang illegally removed over 600GB of data from the BL systems. When the ransom of 20 bitcoin (approximately £600,000) was not paid, the data was put up for auction and subsequently dumped on the dark web. Finance, Tech and People teams were targeted, and files were scanned for sensitive key words such as “passport” and “confidential”. Morgan shared a screenshot of blurry passport identity pages taken from the dark web – it is hard to imagine how it must feel to be one of the people affected by this.

As someone who is not familiar with the inner workings of libraries, it was interesting to hear how the Library’s collections were managed. Instead of a centralised Collections Management System, the BL had a patchwork of catalogues in a variety of formats. Perhaps reflecting how the Registrar team is something of an anomaly at the BL being more of a museum-type role, outgoing loans were managed by an Excel spreadsheet, with a tab for each year and a line for each object lent – Morgan noted that their IT team was horrified by this set up.

Although the BL had secure back-ups, it has proved difficult to restore these because of a lack of viable infrastructure or software to restore them to. Six months on, they don’t yet know what they have lost. Staff at the BL are currently working with no network files, photography, facilities reports, network printing or batch scanning. It is only in the last week that items from their off-site store in Boston Spa could be requested. It is likely that recovery will take place over years, rather than months.

Despite all the challenges, the Registrar team have been able to implement some key changes. These include using abbreviations in file names, getting acknowledgement from the organisation that the sensitive nature of the data that Registrars deal with on a daily basis requires additional security protocols, and setting up a terabyte drive as a back-up system. When asked for advice, Morgan recommended that Registrars look at setting up their own continuity plans, rather than relying on institution protocols, and have multiple back-ups in different formats of key data.

As cyber-attacks become increasingly common, it is clear that the role of Registrars is expanding to include not only the physical safety and security of our collections, but also the digital safety of our couriers and loans-related data.