Last week, hackers hit a popular software used by museums to handle their sensitive information, causing online collections to go down.
The news was first reported by Bleeping Computer, which received a copy of a notice that Gallery Systems, a museum software solutions provider, sent to institutions advising of a breach. It disclosed that its ongoing I.T. outages were caused by a ransomware attack on December 28.
“Certain computer systems that run our software became encrypted, which prevented them from operating,” read the letter. “We have been working around the clock to restore access to the software and we sincerely appreciate your patience during this time. We will be restoring your data with the last available backup.”
Though the report referred to the incident as a ransomware attack, it was not immediately clear if ransoms were demanded.
The letter was also obtained by The New York Times, which reported that Gallery Systems had reached out to third-party cybersecurity experts for assistance and notified law enforcement. Some of the museums affected that confirmed the breach to the Times include the Frances Lehman Loeb Art Center at Vassar College, the Rubin Museum of Art in New York, and Crystal Bridges Museum of American Art in Arkansas.
“The Crystal Bridges eMuseum, which is a system that provides access to our online collection, has been down for a week due to the recent Gallery Systems issue,” said Paige Francis, chief information officer of art and wellness enterprises at the museum, in an email to Artnet.
Francis said that the museum is “mostly concerned about the public’s inability to benefit from viewing our collection remotely during this disruption.”
“The data of our customers and visitors has not been compromised. Access to our digital collection is the only impact,” Francis said. From a security standpoint, we have been proactive in shoring up our digital architecture and the breach has been minimal. Our technology and art management teams have been working closely with the vendor to resolve the issue and restore access to our digital collection.”
The eMuseum collection management software enables institutions to design and display their digital collections, and is used by major museums worldwide. Meanwhile, workers were unable to access sensitive information through another of the company’s programs, TMS, which stores the names of donors, loan agreements, provenance records and other data, according to the Times.
Artnet News has reached out to other impacted museums and Gallery Systems for more information but did not hear back by press time.
The Metropolitan Museum of Art in New York, which also uses Gallery Systems software but stores its own database, confirmed to Artnet News that it was not affected by the breach. And, according to the Times, neither was the Whitney Museum of American Art. The Museum of Fine Arts in Boston told the Times that its online collections page was affected by the hack but that its internal data was not compromised.