Several prominent museums have been unable to display their collections online since a cyberattack hit a prominent technological service provider that helps hundreds of cultural organizations show their works digitally and manage internal documents. The Museum of Fine Arts Boston, the Rubin Museum of Art in New York and the Crystal Bridges Museum of American Art in Arkansas were among the institutions confirming that their systems have experienced outages in recent days. The service provider, Gallery Systems, said in a recent message to clients, which was obtained by The New York Times, that it had noticed a problem on Dec. 28, when computers running its software became encrypted and could no longer operate. “We immediately took steps to isolate those systems and implemented measures to prevent additional systems from being affected, including taking systems offline as a precaution,” the company said in the message. “We also launched an investigation and third-party cybersecurity experts were engaged to assist. In addition, we notified law enforcement.” Gallery Systems did not immediately respond to email and phone requests for comment. Signs of disruption were evident on several museum websites because eMuseum, a tool that usually lets visitors search online collections, was down. There was also disruption behind the scenes: Some curators said that they had returned from their winter vacations to find themselves unable to access sensitive information from another Gallery Systems program called TMS. The cyberattack against Gallery Systems was not clear. The objects in museums are valuable, but the information about them is truly priceless. If this information is lost, the blow to our knowledge of the world would be immense.
Cyberattacks against cultural groups are becoming more common, according to some security experts. In November, personal data was stolen from the British Library by a ransomware group, which posted images of internal human resources files. The Metropolitan Opera and the Philadelphia Orchestra also faced cyberattacks last winter, hampering their ability to sell tickets online. Some museums that rely on Gallery Systems, including the Metropolitan Museum of Art and the Whitney Museum of American Art, said they were not affected because they host their own databases. It was not immediately clear how widespread the cyberattack was, or what the full impact of it would be.