Museum World Hit by Cyberattack on Widely Used Software

Several prominent museums have been unable to display their collections online since a cyberattack hit a prominent technological service provider that helps hundreds of cultural organizations show their works digitally and manage internal documents. From a report: The Museum of Fine Arts Boston, the Rubin Museum of Art in New York and the Crystal Bridges Museum of American Art in Arkansas were among the institutions confirming that their systems have experienced outages in recent days. The service provider, Gallery Systems, said in a recent message to clients, which was obtained by The New York Times, that it had noticed a problem on Dec. 28, when computers running its software became encrypted and could no longer operate.

"We immediately took steps to isolate those systems and implemented measures to prevent additional systems from being affected, including taking systems offline as a precaution," the company said in the message. "We also launched an investigation and third-party cybersecurity experts were engaged to assist. In addition, we notified law enforcement." Signs of disruption were evident on several museum websites because eMuseum, a tool that usually lets visitors search online collections, was down. There was also disruption behind the scenes: Some curators said that they had returned from their winter vacations to find themselves unable to access sensitive information from another Gallery Systems program called TMS. That system can include the names of donors, loan agreements, provenance records, shipping information and storage locations of priceless artworks.

Probably

[ArchieBunker]

Some cloud based bullshit. Of course the museums will learn nothing from this.

Some CLOUD~1 based bullshit ;)

[Mirnotoriety]

"On Thursday, December 28, 2023, certain computer systems that run our software became encrypted, which prevented them from operating"

Smithsonian probably affected too

[PeeAitchPee]

Many of their museums are TMS users so they're likely hit by this as well.

Before the usual suspects here tee off on how irresponsibly stupid the museum people are for allowing this to happen, it's wise to remind everyone that almost all museums (yes, even the big ones like Smithsonian) are funded mostly by donations and therefore it's a lot harder / not as likely for them to have the enterprise class security you all continually insist the world must universally have, and if they don't they're just a bunch of idiots who deserve this and every other evil the black hats can foist on them etc. Also, there are very few choices with this type of niche software, so the other option is probably for them to write their own -- and again, we're back to (lack of) funding. Rather than mocking them, the most helpful thing to is make a donation to your favorite museum earmarked for IT security upgrades -- or better yet, volunteer you own expertise, if you're as smart as you claim to be.

Re:

[Voyager529]

Before the usual suspects here tee off on how irresponsibly stupid the museum people are for allowing this to happen

This is fair. The museums were sold a bill of goods, and GallerySystems failed to deliver. More on that in a bit.

it's wise to remind everyone that almost all museums (yes, even the big ones like Smithsonian) are funded mostly by donations

This is true. However, go to the GallerySystems website. It doesn't have pricing listed. The staff has a "sales manager" and three people listed as "professional services". Eighteen staff members are listed on the website, none of whom are developers, systems engineers, cybersecurity specialists, or database admins. I've never heard of the company before today, but the website sets off all the al

Why a service?

[RitchCraft]

Set up a web server, hire an in house web designer, give him/her a camera, post pictures, add captions, win.