- World-famous British museum suffers from multi-day cyberattacks
- The attack was caused by a former IT entrepreneur
- The exhibitions were closed this weekend, but have since reopened
A former employee of the British Museum has been arrested on suspicion of burglary and criminal damage after allegedly carrying out a cyber attack on site which closed exhibitions for several days.
“An IT contractor who was fired last week broke into the museum and shut down several of our systems. Police attended and he was arrested at the scene,” a British Museum spokesperson said.
The former contractor’s actions caused the museum’s ticketing system to cease operation, leading to exhibits only open to reservations and pre-booked members.
Closed exhibitions
The Metropolitan Police said they were called to the museum at 8.25pm last Thursday to reports that “a man entered the British Museum and caused damage to the museum’s security and IT systems”. Police attended the scene and arrested a man in his 50s, who has since been released on bail.
An email sent to British Museum members this morning said all three of the museum’s exhibitions were now open. “The closures over the past few days will have been disappointing and frustrating, and we are very sorry if your planned visit has been impacted.”
“We will work to add additional opportunities to view exhibits outside of hours in the coming weeks. Thank you for your patience and understanding as colleagues worked to resolve the issues,” the email said.
The museum also offered refunds to ticket holders.
The attack highlights the need for organizations to implement strict identity management policies to ensure that credentials and privileges are revoked when an employee’s contract ends, preventing them from access it or the network infrastructure.
Museums, charities and other cultural institutions are increasingly becoming targets for ransomware and cyberattacks because of the customer data they process. Organizations like these often do not recognize themselves as potential targets of cyberattacks and, therefore, place less priority on investing in cybersecurity systems.
Via The guardian
