The Art Gallery of Ontario (AGO) has informed its members about a data breach that occurred between September 9 and 18, involving unauthorized access to an internal server by a third party. The gallery’s communication indicated that the incident may have compromised personal information saved on their shared server over the previous year. While the extent of the breach is still being assessed, AGO staff have reached out to members to notify them of the situation, assuring them that the gallery’s day-to-day operations would not be disrupted by the incident.
In the notification sent to members, the AGO clarified that the vast majority of customer data and credit card information remained secure and unaffected by the breach. However, they acknowledged that some individuals might have had their personal information accessed, prompting the gallery to take proactive measures by informing those potentially impacted. The organization has not specified whether data belonging to staff members, donors, or non-member visitors has also been affected, leaving some uncertainty regarding the full scope of the breach.
As one of North America’s largest art institutions, the AGO has a significant membership base, with more than 100,000 individuals reportedly enrolled in its annual-pass program as of late 2019. This incident reflects a broader trend where cultural and entertainment organizations have increasingly become targets for cyberattacks, with hackers employing ever more sophisticated methods. Other notable breaches in the sector include a ransomware attack on Indigo Books and Music, which exposed personal information of staff, and an ongoing investigation into Ticketmaster after a global data breach affected millions of users.
In response to this breach, the AGO has activated its incident response plan and is collaborating with security specialists and external legal counsel to conduct a comprehensive investigation. They have committed to guiding their actions by relevant privacy legislation and best practices for data security. As the situation develops, the AGO remains dedicated to keeping its members informed while taking all necessary steps to protect their data and enhance its cybersecurity measures in the future.
Reference: