07.04.2026
3 min
171
A cyberattack on ticket sales platform Vivaticket disrupted online bookings at thousands of museums and monuments across Europe, including the Louvre and other key cultural sites.
What occurred at Vivaticket demonstrates how large of an issue there really is. As we know now, the reported ransomware attack began on March 2 and impacted approximately 3500 museums/monuments across Europe.
To put that number into context, with over 850 million ticket transactions annually, the system has become one of the most critical in our cultural infrastructure.
As previously mentioned, the RansomHouse gang stated responsibility for the breach. They claimed the entry point was their French subsidiary, Irec SAS. This is where they allegedly gained access to the systems.
Unfortunately, there are other disturbing aspects regarding the current situation. On their Data Leak web site (the gang’s web site), they posted a note indicating they believe the company attempted to cover-up the breach. They even targeted the company directly:
“Strongly advise you to reach out to us to avoid having your confidential information/data and project documentation disclosed”
The attackers claim to have been able to access sensitive information. Among the things that could have been compromised:
full names and surnames
email addresses
purchase and booking history
country of residence and postal codes
technical account data and login times
The attacks against France’s cultural institutions (museums) and monuments have created great disruption. According to reports from the French Ministry of Culture, each organization will need to report individually regarding the cost of losing all of their systems for handling tickets and other payments online. Thus far, there is no indication as to whether they were successful in gaining access to the financial data of users who purchased tickets.
According to the statements made by Vivaticket (the company which manages the ticketing systems), “no proof exists” of the theft of user account information including credit card numbers and bank accounts.
Affected organizations include the Louvre Museum, the Orsay Museum, the Quai Branly Museum, Notre Dame Cathedral, the Arc De Triomphe monument, and the Eiffel Tower.
These and numerous others had problems accessing their ticket purchasing systems. A number of museums suspended ticket sales entirely due to the loss of these capabilities. Millions of people may have been negatively impacted. Some services remain unavailable.
Vivaticket is cooperating with ANSSI (French National Cybersecurity Agency) and local authorities to determine the scope of the hack. Organizations whose systems were compromised are contacting customers to inform them of possible breaches of personal identifiable information.
Dr Darren Williams, Founder of Black Fog stated the following:
“This type of incident further supports that hackers use well known trusted third party services to gain access to large amounts of customer data. This particular hacker accessed sensitive customer information via a ticketing service thereby going around the main organization and being able to access customer identifying information.
