A tech service provider that works closely with many American museums announced it experienced a cyberattack recently. Gallery Systems stated they realized they had a problem on December 28th, when the computers running their systems became encrypted and inoperable. As a result, several major museums that use their program eMuseum could not display their collections online. Another program affected is TMS, which curators use to store and view information ranging from documentation of collection items to lists of donors. The cultural institutions affected include the Rubin Museum, the Museum of Fine Arts Boston, and the Crystal Bridges Museum of American Art.
Cyberattacks against cultural institutions are becoming more and more common. Most notably, there was an incident involving the Metropolitan Opera House’s website, where hackers targeted the site’s ticket-selling abilities. The opera house’s box office was closed for nine days. The Philadelphia Orchestra and the British Library have also faced similar attacks. Many of these incidents involve ransomware, where a hacker or a group of hackers holds a website hostage until the required money is paid. While Gallery Systems has already launched an investigation, hired a third-party cyber security team, and notified law enforcement, the nature of the attack is not yet known. If it is a ransomware attack, no demands have been made public. Larger museums that use Gallery Systems’ technology, like the Metropolitan Museum of Art and the Whitney Museum, used their own databases and were not affected.
According to a Gallery Systems statement, “We have been working around the clock to restore access to the software, and we sincerely appreciate your patience during this time. We will be restoring your data with the last available backup.” Several museums also reassured everyone that the incident had not affected personal data.