In a significant blow to the museum world, a cyberattack targeting Gallery Systems, a leading technological service provider for cultural organizations, has left several prominent museums grappling with outages in their digital displays and internal databases.
The affected institutions are the Museum of Fine Arts in Boston, the Rubin Museum of Art in New York, and the Crystal Bridges Museum of American Art in Arkansas. These museums have reported disruptions in their online collections and internal systems, hindering their ability to showcase artworks and manage essential documents.
In a communication to its clients, Gallery Systems revealed that the anomaly was first detected on December 28. “Computers running our software became encrypted and could no longer operate,” the company stated. Immediate measures were taken to isolate affected systems, engage third-party cybersecurity experts, and notify law enforcement agencies. However, the full extent and nature of the cyberattack remain unclear, as Gallery Systems has yet to provide further details.
The repercussions of the attack are evident across museum websites, with the eMuseum tool, which enables online collection searches, remaining inaccessible. Furthermore, curators have reported difficulties accessing vital information from the Gallery Systems’ TMS program, which houses sensitive data such as donor names, loan agreements, provenance records, and artwork storage locations.
While some institutions, including the Metropolitan Museum of Art and the Whitney Museum of American Art, remain unaffected due to hosting their databases, others like the Museum of Fine Arts, Boston, confirm the disruption of their digital collection pages but assure the public that internal data remains uncompromised.
The cyberattack underscores a growing trend of targeted attacks against cultural organizations. Recent incidents include a ransomware attack on the British Library, where personal data was stolen and internal files were publicly disclosed, and disruptions faced by the Metropolitan Opera and the Philadelphia Orchestra last winter, impacting their online ticketing systems.
Security experts warn that such attacks, often orchestrated by ransomware groups, pose a significant threat to the preservation and accessibility of cultural heritage. “The objects in museums are valuable, but the information about them is truly priceless,” remarked Erin Thompson, a professor of art crime at John Jay College of Criminal Justice in New York. The potential loss of curated information could have profound implications for our understanding of history and culture.
As museums work diligently to restore their digital platforms and secure their databases, the incident is a stark reminder of the vulnerabilities inherent in the digital age. It underscores the need for robust cybersecurity measures and heightened vigilance to safeguard the invaluable treasures of the art world and ensure continued access for audiences worldwide.
In the face of adversity, the museum community remains resilient, prioritizing the restoration of services and the protection of cultural assets. As investigations into the cyberattack continue, the focus remains on preserving the integrity of information and reinforcing defences to prevent future disruptions.