MFA is among museums hit in cyberattack
Online collections searches hobbled
The Museum of Fine Arts is one of numerous cultural organizations that’s had its online collections search crippled after a cyberattack on Gallery Systems, a digital management service used by many museums to organize their public-facing collections as well as sensitive private documents.
MFA spokesperson Karen Frascona said the issue is confined to the museum’s public collections search function and that its private data, which is hosted on internal systems, remains secure.
“All confidential information remains secure, including donor data, artwork values and storage locations,” Frascona said in a statement to the Globe. “The only impact to the MFA is to the public collections search function on the Museum’s website, which is currently offline.”
Search functions for the Peabody Museum of Archaeology and Ethnology at Harvard University and for the Worcester Art Museum in Worcester also appeared inoperable Thursday morning.
A spokesperson for WAM confirmed that its collections search has been disabled by the attack. She added that staff access to a service that manages internal documents, “was affected and has now been resolved.”
The Peabody did not respond immediately to a request for comment.
The outage, as first reported by
The New York Times, has affected a number of high-profile institutions nationally, including Crystal Bridges Museum of American Art in Bentonville, Ark.; the Rubin Museum of Art in New York City; and the Frances Lehman Loeb Art Center at Vassar College in Poughkeepsie.
Frascona said the company “has not provided a timeline for the collection search to return.”
Gallery Systems did not respond immediately to a request for comment. In a recent communication to clients, however, the company said it first noticed the issue Dec. 28.
“We immediately took steps to isolate those systems and implemented measures to prevent additional systems from being affected, including taking systems offline as a precaution,” the company stated in a message obtained by the Times. “We also launched an investigation and third-party cybersecurity experts were engaged to assist. In addition, we notified law enforcement.”
Just how many museums and cultural groups have been affected by the attack remains unclear. But several local organizations, including the Isabella Stewart Gardner Museum and the Peabody Essex Museum, do not use the company’s services.
Spokespeople at the Clark Art Institute and the Williams College Museum of Art, both in Williamstown, said that although their museums use the service, searches have been unaffected because they’re hosted on internal servers.