Several museums have been affected by the recent hack of service provider Gallery Systems. THE New York Times reports that the attack caused computer outages, preventing the proper functioning of the websites of the affected museums.
Founded in 1981, Gallery Systems is a software provider for cultural institutions to manage and distribute their collections online. It is used daily by hundreds of museums around the world, but also by private and public archives or by private collectors.
In a message to its customers, the company said that as of December 28, 2023, some computer systems that ran this software were hacked and therefore stopped working. “We immediately implemented measures to isolate these systems and prevent others from being affected, including taking the systems offline as a precaution.”, she continues. Gallery Systems also launched an internal investigation, with support from cybersecurity experts.
The failures caused concern more specifically the eMuseum software, a platform used by museums to create collections and exhibitions viewable online. Disruptions were also noted in TMS software, another program managed by Gallery Systems. Some curators could no longer access confidential information stored on this system, including donor names, loan agreements, shipping information or even the storage locations of works of art.
Gallery Systems is used all over the world, but the cyberattack seems to have mainly targeted American cultural institutions. Among the museums concerned, we include the Museum of Fine Arts in Boston, the Rubin Museum of Art in New York and the Crystal Bridges Museum of American Art in Arkansas. Other museums, although users of this software, have not suffered computer failures because they host their own databases. This is the case of the Metropolitan Museum of Art and the Whitney Museum of American Art in New York.
Most of these attacks are launched by ransomware who keep the service down until they obtain a certain amount of money. According to New York Times, those responsible for this computer hacking (ransomware) have not yet been identified. The scale and impact of the attack are still difficult to assess.