The cyber attack on the British Library began in late October and has taken large parts of the institution’s website offline for weeks.
The disruption has forced staff at the archive’s St Pancras site to accept some payments in cash-only and has taken down its public Wi-Fi.
On Monday, the British Library said: “Following confirmation last week that this leak was a ransomware attack, we are aware that some data has been leaked. This appears to be from our internal HR files.
“We have no evidence that data of our users has been compromised.”
The library has previously said it is working with the Metropolitan Police and the GCHQ-linked National Cyber Security Centre (NCSC) to conduct a forensic investigation and reinforce its IT systems.
Sir Roly Keating, chief executive of the British Library, said: “We are immensely grateful to our many users and partners who have shown such patience and support as we work to analyse the impact of this criminal attack and identify what we need to do to restore our online systems in a safe and sustainable manner.”
The Rhysida ransomware virus surfaced in May 2023, according to cyber security firm Secureworks.
The group behind it is believed to be responsible for a string of further cyber attacks under another name, Vice Society, targeting schools and healthcare institutions.
Recent victims have included the Chilean military and the University of the West of Scotland.
Vice Society was blamed for stealing passport scans from over a dozen UK schools in a series of cyber attacks earlier this year. Some cyber security experts have said Vice Society appeared to be a Russian-speaking gang.
Last week, the NCSC warned ransomware remained “one of the greatest threats” to Britain’s national infrastructure because of its potentially crippling effects on a company’s IT systems.