Hundreds of Online Museum Collections Suffer in Cyber Attack

A cyber attack on a software company called Gallery Systems impacted hundreds of art institutions, including the Museum of Fine Arts Boston, the Rubin Museum of Art in New York and the Crystal Bridges Museum of American Art in Arkansas, which used the software to manage their online archives and collections.

According to the New York Times, Gallery Systems told its clients on December 28 they’d learned that computers running its software had become encrypted and that those systems could no longer function. “We immediately took steps to isolate those systems and implemented measures to prevent additional systems from being affected, including taking systems offline as a precaution,” the message read. “We also launched an investigation and third-party cybersecurity experts were engaged to assist. In addition, we notified law enforcement.”

eMuseum, the program that allows visitors to search an institution’s archives and collections suffered in the attack, as was a program named TMS, which stores donor names, loan terms, provenance records, the storage locations of artworks, and shipping information.

Museums are far from the only cultural institutions that have had to deal with cyber attacks in recent months. Last year both the Metropolitan Opera and the Philadelphia Orchestra faced online attacks, and in November, a ransomware group stole personal data from the British Library, later posting images of human resource files online. 

“The objects in museums are valuable, but the information about them is truly priceless,” Erin Thompson, a professor of art crime at John Jay College of Criminal Justice in New York, told The Times. “Often, generations of curators will have worked to research and document an artifact. If this information is lost, the blow to our knowledge of the world would be immense.”