ICO closes investigation into British Library ransomware attack
30/04/2025 | ICO
The Information Commissioner's Office (ICO) has released a statement concerning the British Library ransomware attack in November 2023. The statement stresses that the incident was exacerbated by the absence of multi-factor authentication on an administrator account. In addition, the ICO statement also notes that the investigatory and remedial steps taken by the British Library, outlined in the publication of a cyber incident report in March 2024, provide valuable learning points for other organisations to follow. The report highlighted the use of third-party providers as a risk and mentions a review of security provisions relating to their access management planned for later that year. The ICO commended the British Library for its transparency regarding the system vulnerabilities, the impact of the attack, and the security improvements implemented since.
In light of these actions and the ICO's "current priorities", Information Commissioner John Edwards has decided that a further investigation into this specific case would not be the most effective use of resources.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 6,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.