Several well-known museums are currently facing challenges in showcasing their collections on the internet. This issue arose after a cyberattack targeted a major technology service provider that assists numerous cultural organisations in presenting their works digitally and handling internal documents.
Gallery Systems, the service provider, conveyed in a recent message to its clients, as reported by The New York Times, that it identified an issue on December 28. During this time, the computers running its software were encrypted, rendering them incapable of functioning.
“Certain computer systems that run our software became encrypted, which prevented them from operating,” it said.
The service provider stands as a prominent supplier of gallery and collection management software, boasting a portfolio that encompasses over 800 museums.
Among its esteemed clients are renowned institutions such as the Museum of Modern Art (MoMA) in New York, the Metropolitan Museum of Art (Met), the Chrysler Museum of Art, the Museum of Pop Culture (MoPOP) in Seattle, the Barnes Foundation, the Crystal Bridges Museum of American Art, and the San Francisco Museum of Modern Art (SFMOMA).
“We immediately took steps to isolate those systems and implemented measures to prevent additional systems from being affected, including taking systems offline as a precaution,” the company said in the message.
“We also launched an investigation and third-party cybersecurity experts were engaged to assist. In addition, we notified law enforcement.”
The impact of the disturbance became apparent as various museum websites displayed signs of dysfunction. eMuseum, a typically reliable tool that enables visitors to explore online collections, was inaccessible.
Behind the scenes, the disruption extended further. Some curators shared their experiences of returning from winter vacations only to discover that they were unable to access crucial information stored in another Gallery Systems program known as TMS.
The system holds valuable details such as donor names, loan agreements, provenance records, shipping information, and storage locations for priceless artworks.
“We noticed the outage starting Dec. 28,” Sandrine Milet, a spokeswoman for the Rubin Museum, said. “TMS was back and running yesterday while eMuseum is still down.”
T. Barton Thurber, the director of the Frances Lehman Loeb Art Center at Vassar College, said, “I can confirm that unfortunately our museum — along with many others — has been impacted by the attack.”
Paige Francis, the chief information officer at Crystal Bridges, said, “We are mostly concerned about the public’s inability to benefit from viewing our collection remotely during this disruption.”
Security experts report a rising frequency of cyberattacks targeting cultural organizations. In November, a ransomware group breached the British Library, stealing personal data and sharing images of internal human resources files.
Additionally, the Metropolitan Opera and the Philadelphia Orchestra encountered cyberattacks last winter, impeding their online ticket sales operations.
In numerous instances, these attacks have been orchestrated by ransomware groups, who seize control of the online service and demand payment from victims to restore access. The specific details regarding the attack on Gallery Systems remain unclear.
Several museums, such as the Metropolitan Museum of Art and the Whitney Museum of American Art, which depend on Gallery Systems, stated that they remained unaffected as they manage their own databases.
“The objects in museums are valuable, but the information about them is truly priceless,” says Erin Thompson, a professor of art crime at John Jay College of Criminal Justice in New York.
“Often, generations of curators will have worked to research and document an artifact. If this information is lost, the blow to our knowledge of the world would be immense.”
Meanwhile, the company has informed law enforcement and is presently examining the consequences of the incident. Gallery Systems has assured to furnish additional information as the investigation advances.
Threat actors responsible for the attack have yet to asserted accountability for the data breaches which is surprising as typically, a hacking collective would append its target to an undisclosed data leak platform, aiming to escalate pressure and compel negotiations for a ransom.
The extent of the cyberattack’s prevalence and its complete impact were not immediately evident, and Gallery Systems did not promptly respond to requests for comment via email and phone.
