BL A.I CyberSecurity Scoring
BL
Company Information
Website:http://www.bl.uk
Employees number:1,310
Number of followers:98,268
NAICS:51912
Industry Type:Libraries
Homepage:bl.uk
BL Risk Score (AI oriented)
Between 600 and 649
BLLibraries
Updated:
01/04/2026
01/04/2026
631/1000
Poor
Caa
BL Global Score (TPRM)
xxxx
BLLibraries
Score locked

BLPoor
Current Score
631Caa (POOR)
01000
4 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
628
JUNE 2026
628
MAY 2026
624
APRIL 2026
621
MARCH 2026
631
FEBRUARY 2026
614
JANUARY 2026
610
DECEMBER 2025
618
NOVEMBER 2025
617
OCTOBER 2025
613
SEPTEMBER 2025
609
AUGUST 2025
605
MAY 2025
588
Cyber Attack
01 May 2025 • BL
Microsoft: Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
Microsoft Disrupts Fox Tempest Cybercrime Operation Selling Code-Signing Certificates to Ransomware Gangs
570
CRITICAL-18
MIC1779231548
Microsoft Disrupts Fox Tempest Cybercrime Operation Selling Code-Signing Certificates to Ransomware Gangs
Microsoft has seized websites and dismantled hundreds of virtual machines linked to Fox Tempest, a cybercrime service that sold fraudulent code-signing certificates to ransomware groups, enabling malware to bypass security checks by appearing as legitimate software. The operation, active since May 2025, exploited Microsoft’s Artifact Signing service by creating over 580 fake accounts under stolen identities to obtain and resell valid certificates.
Among Fox Tempest’s customers was the ransomware group Vanilla Tempest (also known as Vice Spider, Vice Society, and Rhysida), which used the certificates to sign malware including the Oyster backdoor, Lumma and Vidar infostealers, and Rhysida ransomware facilitating unauthorized access, data theft, and extortion. Microsoft’s investigation also tied the operation to other ransomware affiliates, such as INC, Qilin, and Akira.
Between February and March 2025, Microsoft’s Digital Crimes Unit (DCU) conducted undercover test purchases, posing as a buyer to document the service’s operations. Prices ranged from $5,000 for standard certificates to $9,500 for expedited delivery, with payments processed via cryptocurrency. The DCU traced transactions to wallets controlled by the operators, identified in court documents as John Doe 1 and 2 (alias SamCodeSign).
The impact was widespread: Microsoft confirmed thousands of infected machines in the U.S., including at least 12 of its own systems, were compromised by malware signed with Fox Tempest’s certificates. The civil complaint, unsealed on Tuesday, describes ongoing criminal activity, including unauthorized access, data exfiltration, and ransomware deployment.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2024
686
Ransomware
12 Dec 2024 • BL
British Library: National Museum of the Royal Navy hit by cyber attack
National Museum of the Royal Navy Ransomware Attack
565
CRITICAL-121
THE1774744288
National Museum of the Royal Navy Hit by Ransomware Attack
The National Museum of the Royal Navy confirmed it fell victim to a ransomware attack on Monday, 9 December, disrupting services across its network of sites. While the museum’s locations including Portsmouth Historic Dockyard, the Fleet Air Arm Museum, and HMS Caroline in Belfast remain open, the incident has significantly impacted operations. The institution is working with its IT provider, law enforcement, the Royal Navy, and the National Cyber Security Centre (NCSC) to assess the attack’s origin and mitigate its effects.
The breach follows a string of high-profile cyberattacks on cultural institutions, including last year’s Rhysida ransomware attack on the British Library, which resulted in £1.6 million in losses and forced a complete infrastructure overhaul. Museums and libraries globally have faced heightened threats, with similar incidents reported in Canada and the U.S.
In response to growing cyber risks, the UK government has signaled a "tech focus" in its upcoming spending review to bolster defenses for vulnerable organizations. Culture Secretary Lisa Nandy emphasized cross-government efforts to strengthen protections against such attacks. The NCSC continues to provide guidance on cybersecurity best practices.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
OCTOBER 2023
677
Cyber Attack
01 Oct 2023 • BL
British Library
British Library Cyber Attack (October 2023)
659
CRITICAL-18
THE4992549110125
The British Library, home to over 170 million items including historically significant documents like the Magna Carta, suffered a major cyber attack in October 2023 that crippled its digital systems. The attack led to the leak of staff personal details (addresses, passport scans) on the dark web after the library refused to pay a £600,000 ransom. Two years later, the disruption persists: services like ebooks, archives, and online journals remain unavailable, forcing staff to manually process orders, increasing workloads, and exposing them to abuse from frustrated users. Employees, some of whom had experienced domestic abuse, faced severe consequences, including relocation due to exposed addresses, constant fraudulent communications, and financial strain. Over 300 staff went on strike on the attack’s second anniversary, citing below-inflation pay rises (2.4%), unaddressed pay shortfalls, and the emotional toll of sustained operational chaos. The attack’s long-term impact includes reputational damage, operational paralysis, and ongoing staff exploitation, with no full system recovery in sight.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2023
763
Ransomware
16 Jun 2023 • BL
British Library
Rhysida ransomware group spoofs Microsoft Teams ads on Bing to deliver OysterLoader and Latrodectus malware
671
CRITICAL-92
THE2092420110325
The British Library fell victim to a Rhysida ransomware attack in 2023, resulting in the theft of approximately 600GB of sensitive data. The attack was part of a broader campaign where the Rhysida group, operating under a Ransomware-as-a-Service (RaaS) model, exploited poisoned Bing ads mimicking Microsoft Teams download pages to distribute malware. Victims unknowingly downloaded OysterLoader and Latrodectus, which deployed ransomware, backdoors, and infostealers. The breach severely disrupted the library’s operations, compromising internal systems, employee records, and potentially user data, including research materials and personal information. The attack underscored the group’s sophistication in leveraging social engineering and trusted platforms (Microsoft/Bing) to infiltrate high-profile targets. While the full extent of financial or reputational damage remains undisclosed, the incident aligns with Rhysida’s history of targeting critical infrastructure, education, and government entities, often demanding ransoms for decryption keys and stolen data recovery.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for BL ??
What was BL's A.I Rankiteo Cyber Score in June 2026 ??
What was BL's A.I Rankiteo Cyber Score in May 2026 ??
What was BL's A.I Rankiteo Cyber Score in April 2026 ??
What was BL's A.I Rankiteo Cyber Score in March 2026 ??
What was BL's A.I Rankiteo Cyber Score in February 2026 ??
What was BL's A.I Rankiteo Cyber Score in January 2026 ??
What was BL's A.I Rankiteo Cyber Score in December 2025 ??
What was BL's A.I Rankiteo Cyber Score in November 2025 ??
What was BL's A.I Rankiteo Cyber Score in October 2025 ??
What was BL's A.I Rankiteo Cyber Score in September 2025 ??
What was BL's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on BL's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with BL ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view BL's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?