In particular, the U.K.’s National Cyber Security Centre said the British Library “should be applauded” for refusing to pay an extortion fee, and particularly praised the institution for detailing its recovery process in an 18-page incident review published five months later. The decision not to pursue an investigation marks out the British Library’s response in stark contrast to that by software company Advanced and solicitors firm DPP Law who were both recently fined after suffering cyberattacks. The U.K. Information Commissioner’s Office (ICO) announced on Wednesday it would not be pursuing an investigation of the British Library following a cyberattack against the institution in October 2023. The British Library — the national library of the United Kingdom and an archive of millions of books and manuscripts — has been praised for its response to the incident. The British Library’s security failings — including a lack of multi-factor authentication on an administrator account — could have been seen as a breach of laws requiring companies to adequately protect their systems. The privacy regulator said that having “carefully considered this particular case” it “decided that, due to our current priorities, further investigation would not be the most effective use of our resources.” The ICO has the power to issue monetary penalties or reprimands after an investigation.
This Cyber News was published on therecord.media. Publication date: Thu, 01 May 2025 12:05:09 +0000