The growing amount of cultural material online has made research easier, but it has also increased the risk of cyberattacks. These attacks on cultural institutions are becoming increasingly frequent, highlighting our shortcomings in the protection of our digital heritage.
One of the worst cyberattacks occurred in the United Kingdom and targeted the British Library on 28 October 2023. The hacker group, known as Rhysida and suspected of being of Russian origin, used ransomware to demand £600,000, but received nothing. They then released 500,000 stolen files, including personal data from both employees and users, for free download on the dark web. The consequences were catastrophic : the online catalogue remained out of service for months, and the recovery costs were estimated at £6-7 million, representing nearly 40% of the Library’s financial reserves.
A few days later, the Toronto Public Library suffered a similar attack. In December 2023, the Gallery Systems software used by several American museums, was compromised due to a provider vulnerability. This simultaneously caused the unavailability of digital collections accross multiple museums in the United States. The intensity of cyberattacks targeting cultural institutions remained high in 2024-2025, although they received less media coverage. In 2026, the Vivaticket platform was targeted by a hacker group known as RansomHouse. The impact was significant, as it is the ticketing system used by major French cultural sites such as the Louvre, the Musée d’Orsay and the Eiffel Tower. The immediate effects included operational paralysis and a major risk of personal data breaches.
This kind of incident is no longer isolated but part of a growing trend targeting cultural institutions around the world. These attacks are not solely motivated by financial gain, they also aim to appropriate the history of other nations in order to erase or alter it. In January 2025 an intelligence report compiled by a London-based security analysis firm revealed that these attacks are likely part of Russian programmes designed to target cultural heritage in order to rewrite history and destabilise adversaries. Indeed, when a museum’s collections management system suffers breaches, provenance records become uncertain. Falsifying or tampering with these archives undermines the foundations of national identity.
The danger is real, and since the war in Ukraine began, some European countries have had to face this risk. For example, archivists at the National and University Library in Zagreb were aware that they needed to plan how to evacuate their digital objects.
Unfortunately, some aspects of cultural institutions make them attractive targets for sophisticated threat actors :
- A lack of resources for cybersecurity ;
- The past decade has been an intensive period of digitalisation : collections were put online, online ticketing systems were deployed, CRM platforms were implemented and interactive digital experiences were introduced. The priority was given to rapid adoption rather than focusing on security issues.
- Third-party dependencies such as the Gallery Systems software provided by a single supplier or the Vivaticket platform used by various French cultural sites.
- Open-by-design culture : digital access to cultural institutions is intended for everyone. There is therefore a tension between this ideal of openness and the security measures that are essential for data protection.
- Incomplete emergency data plans : in 2024 only 69% of American museums surveyed by the American Alliance of Museums reported having an emergency plan. Nevertheless, those plans were designed for physical disasters such as fires and floods, not digital threats.
Concerning the British Library attack, forensic analysis revealed that the main shortcoming was the lack of multi-factor authentication for access to all organisational assets.
A policy debate highlights that the major issue concerns classification. Indeed cultural institutions are not considered critical infrastructure such as companies operating in the energy, finance and healthcare sectors. Due to this situation, they are excluded from enhanced regulatory requirements, government cybersecurity reporting and information-sharing frameworks.
In the meantime, several measures should be adopted by cultural institutions to maintain the integrity and authenticity of their collections :
- Encryption algorithms ;
- Access controls ;
- Authentication mechanisms ;
- Network monitoring tools ;
- Staff phishing training ;
- Redundant storage systems such as LOCKSS (Lots Of Copies Keep Stuff Safe) and CLOCKSS (Controlled LOCKSS). Copies must be stored in diverse locations and sometimes centralised for various partners (CLOCKSS system).
Cultural genocide has always been a major feature of warfare throughout history (from the burning of the Library of Alexandria to the systematic destruction of museums, libraries and archives across Europe during the Second World War) and today, the risk no longer concerns only tangible artefacts but also digital resources. Nevertheless, it is the responsibility of all democratic societies to safeguard their national identity by preserving all documents that reflect the diversity of their populations.
Sources :
DINH NGUYEN Christina, « Digital cultural heritage in the crossfire of conflict: cyber threats and cybersecurity perspectives », 2024, University of Toronto Mississauga Library
https://www.aam-us.org/2025/01/20/stop-look-think-how-to-manage-digital-vulnerabilities/
https://blog.degruyter.com/cyberattacks-on-cultural-heritage-institutions/
