Museums in Danger: A closer look at cyber security

Museums around the world have seen a rise in attacks, with cyber attacks among the most prominent. With “Museums in Danger”, IATM’s next annual conference is a platform to look at the different threats and challenges transport and communication museums are facing, as well as to exchange stories, ideas, and solutions. This article series puts one aspect of the large spectrum into focus each week. Cyber Security is leading it off:

One cyberattack almost every 39 seconds. That’s the global mean for 2023 according to Security Magazine. There are many motivations behind hacks. Some may be due to pure curiosity or in the interest of the institutions’ security. Others can be geo-strategic or political. However, a large number of attacks are performed by ransomware gangs. They are looking for relatively easy ways to gain money quickly. Research found that in 2023 a record $1.1 billion was paid by victims to retrieve data and save it from public release.

Thus, the selection of targets can be rather arbitrary. Yet critical infrastructure such as military, government or health care services is of high interest, as the motivation to pay the ransom for a smooth solution and continued work is deemed to be higher than in other sectors. GLAM institutions are of course not unaffected by this. While there are no known attacks motivated by political or scientific interests, money is behind a number of recent attacks on the GLAM sector globally. We have selected three recent examples:

The British Library

Very prominently, the British Library fell victim to a cyber attack in October 2023. At the beginning, online and onsite services were extremely limited. Key aspects of the public daily library business such as loaning books and using the public workspaces were impossible or troublesome [Source].

Many services and lots of information were unavailable, including access to the online collections and to the large number of collection items not held in the reading rooms. To this day, the Library has not fully recovered: the website is still a temporary version, photographic reader passes have only been issued again since late March 2024, and since January the online collections have slowly been made available.

Additionally, some of the information gained by the hacker group Rhysida was published on the dark web. This included personal information of British Library staff and customers. [Source]

Overall, the current British Library experience is extremely different from what it used to be. To aid others and be as transparent as possible, the British Library published a paper detailing the incident and affected services as well as recent developments. As investigations are ongoing, not all information is being shared with the public. On its long road to recovery, the library is supported by the National Cyber Security Centre (NCSC) in the UK.

eMuseum/Gallery Systems

The year 2023 ended in a mostly short-lived disaster for the software provider Gallery Systems. The company, which offers software solutions for collection and loan management as well as online publication, was attacked by hackers at the end of December.

As a result, online collections run through the eMuseum service by institutions such as the Rubin Museum of Art in New York and Crystal Bridges Museum of American Art in Arkansas were unavailable. The company was able to recover the data and get the online collections and exhibitions back on their servers rather quickly through backups. Larger institutions were mostly unaffected, as they host their online collections on internal servers.

Additionally, Gallery Systems’ collection management system “TMS” was attacked in the same process. TMS can hold sensitive information on donors, loans, provenance, and other data. However, further details on the matter were disclosed neither by the company nor by the affected institutions.

Museum of Natural History Berlin

The autumn and winter attacks also reached another institution: Berlin’s Museum of Natural History experienced large disruptions to its digital infrastructure that are ongoing.

Communication channels, collection and research software, data storage, and other systems were affected. This resulted in major disruptions to research and overall communication.

The museum is still assessing the full damage, but was able to return to essential services very quickly. Other aspects are gradually being put back into operation as far as data recovery, investigations, and security issues allow. The museum decided to share updates publicly. It has not paid the demanded ransom. During the investigation it became apparent that 2 percent of its visitors who had paid using PayPal during a specific time period were affected by the attack.

In conclusion, museums and other cultural institutions have to add cyber security to their long list of tasks, not least in order to be able to fulfill our main tasks: safeguarding collections, performing research, sharing knowledge publicly, and staying accessible.

When institutions share their experiences openly, we can all benefit from the experiences and knowledge gained at different institutions. And so will you at IATM’s annual conference “Museums in Danger” this September in Finland.

Further reading

Interested in reading more on the matter? Here are a few links: