A cyberattack targeting Gallery Systems, a crucial software provider utilized by numerous museums, has caused widespread disruptions in online collection displays and sensitive information management.
The attack, identified on December 28, rendered computers running Gallery Systems’ software inoperable due to encryption, impacting institutions such as the Museum of Fine Arts Boston, the Rubin Museum of Art, and the Crystal Bridges Museum of American Art. These museums reported system outages, affecting their online collection showcases and internal document management.
Gallery Systems, acknowledging the issue in a message obtained by The New York Times, detailed their immediate response, isolating affected systems, launching investigations, and engaging third-party cybersecurity experts. They also informed law enforcement but have not responded to requests for comment as of yet.
The disruption affected museum websites utilizing eMuseum, causing visitors’ inability to access online collections. Behind the scenes, curators faced restricted access to sensitive information stored in Gallery Systems’ TMS program, encompassing donor names, loan agreements, provenance records, shipping details, and artwork storage locations.
While some institutions like the Rubin Museum had TMS back online, eMuseum remains inaccessible. Other impacted museums, including the Frances Lehman Loeb Art Center at Vassar College, confirmed the attack’s impact on their operations.
Expressing concern over public access limitations, Crystal Bridges’ Chief Information Officer, Paige Francis, highlighted the disruption’s impact on remote collection viewing.
Security experts note an increasing trend of cyberattacks targeting cultural institutions. Prior incidents include data theft from the British Library and cyberattacks on the Metropolitan Opera and the Philadelphia Orchestra.