(Bloomberg) -- The British Library said a ransomware attack by a criminal group is the cause of a technology outage which has disabled its website and other computer systems for weeks.

Some data has been leaked “from files relating to our internal HR information,” the library said in a statement posted on the social media platform X, formerly known as Twitter. The organization announced an investigation into the outage on Oct. 31 and said it had contacted police and enlisted the help of the UK’s National Cyber Security Centre. The library said it suspected a cyber attack earlier this month. 

The library’s website has been unavailable since Oct. 28, preventing visitors from accessing its extensive digital catalog. At the library’s main London St. Pancras location, which has more than 1.5 million visitors every year, there is only “very limited, manual collection” of items that require a paper form. The library’s Wi-Fi internet has also stopped working, and its gift shop has had to resort to cash-only payments to stay open.

A ransomware gang known as Rhysida has claimed responsibility for the hack. On its darkweb page on Monday, the group posted that it was auctioning off “exclusive, unique, and impressive data” from the British Library. The starting price on the auction was listed as 20 Bitcoin – approximately $747,000 – which was scheduled to end on Nov. 27. The gang also published copies of passports, driving licenses and other documents that it indicated it had stolen from the library’s computers.

The British Library is one of the world’s largest libraries, containing more than 170 million items, including 13.5 million printed books and e-books and 60 million newspapers. It has about 10 million annual unique users to its website, which allows users to access a digital collection containing billions of files.

The library said it has no evidence that wider user data has been compromised, although it advised that users should update their passwords if they are used elsewhere.

Criminal hackers use ransomware to encrypt their victims’ computers, rendering them inoperable. They then demand payment to unlock the computers and usually threaten to publish stolen internal data.

According to cybersecurity experts, Rhysida operates under a model known as “ransomware as a service,” where the gang’s leaders essentially lease out their malicious software and infrastructure to other hackers. They then split any money that is earned through extorting their hacking victims.

On Nov. 15, the US Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency published a joint alert about Rhysida. The agencies warned that hackers had been identified using the ransomware to target the education, health care, manufacturing, information technology and government sectors.

In August, the gang said it was behind a damaging hack on US health-care provider Prospect Medical Holdings, which runs 16 hospitals in California, Connecticut, Pennsylvania, and Rhode Island. The incident forced some of the hospitals to cancel appointments and reroute ambulances. The gang has also claimed responsibility for attacks earlier this year on a Portuguese hospital and government agencies in Chile and the Dominican Republic.

©2023 Bloomberg L.P.