Data from nearly 8,000 visitors hacked from Ashmolean website
MCG warns that cuts may put online security at risk
A hacker has stolen the personal details of 7,757 visitors in a cyber attack on the Ashmolean Museum’s website.
The hacker was able to extract the names, emails, addresses and telephone numbers of customers who had booked exhibition tickets through the University of Oxford museum’s online ticketing system.
The museum said the risk to visitors was small as no financial information or sensitive personal data had been exposed.
In an email to those affected, the museum wrote: “A cyber-attack on the Ashmolean Museum's website was recently identified and quickly blocked.
"Museum staff are working with staff of the university's IT Services to manage the response to the incident and are doing everything possible to ensure there are no further such attacks."
The museum has warned the people whose details were compromised that they may be targeted for unwanted marketing communications, but this response has been criticised for downplaying the risks to those affected.
Online security expert Graham Cluley told The Guardian that scammers could use the data to trick customers into thinking the museum was contacting them for donations, or spam the mailing list with emails containing malicious software.
The Museums Computer Group (MCG) has warned that other museums could be vulnerable to cyber attacks, saying that funding cuts were making it more difficult for them to keep up-to-date with the latest security software.
Mia Ridge, chair of the MCG, said: “As IT systems get both more specialised and more complex, it will be increasingly difficult for museum staff to keep up with the latest knowledge and software patches, particularly when funding cuts mean resources are generally stretched.”
Ridge said that outsourcing e-commerce and ticketing systems to third party suppliers could also create difficulties.
She said: “The advantage is that those systems are run by specialist experts, but it also means that some factors are therefore out of the museum's control.
“It also means more points of integration or data transfer, and this added complexity could create vulnerabilities in future; however, this must be weighed against the expertise and resources that would otherwise be required to run systems internally.”
Has your museum been affected by a cyber attack? Contact Museums Journal in confidence at journal@museumsassociation.org to let us know.
The hacker was able to extract the names, emails, addresses and telephone numbers of customers who had booked exhibition tickets through the University of Oxford museum’s online ticketing system.
The museum said the risk to visitors was small as no financial information or sensitive personal data had been exposed.
In an email to those affected, the museum wrote: “A cyber-attack on the Ashmolean Museum's website was recently identified and quickly blocked.
"Museum staff are working with staff of the university's IT Services to manage the response to the incident and are doing everything possible to ensure there are no further such attacks."
The museum has warned the people whose details were compromised that they may be targeted for unwanted marketing communications, but this response has been criticised for downplaying the risks to those affected.
Online security expert Graham Cluley told The Guardian that scammers could use the data to trick customers into thinking the museum was contacting them for donations, or spam the mailing list with emails containing malicious software.
The Museums Computer Group (MCG) has warned that other museums could be vulnerable to cyber attacks, saying that funding cuts were making it more difficult for them to keep up-to-date with the latest security software.
Mia Ridge, chair of the MCG, said: “As IT systems get both more specialised and more complex, it will be increasingly difficult for museum staff to keep up with the latest knowledge and software patches, particularly when funding cuts mean resources are generally stretched.”
Ridge said that outsourcing e-commerce and ticketing systems to third party suppliers could also create difficulties.
She said: “The advantage is that those systems are run by specialist experts, but it also means that some factors are therefore out of the museum's control.
“It also means more points of integration or data transfer, and this added complexity could create vulnerabilities in future; however, this must be weighed against the expertise and resources that would otherwise be required to run systems internally.”
Has your museum been affected by a cyber attack? Contact Museums Journal in confidence at journal@museumsassociation.org to let us know.