London’s world-famous British Museum was forced to partially close its doors at the end of last week, following a serious security breach involving a former IT contractor.
As The Guardian reports, police were called to the museum on Friday after a recently dismissed worker allegedly trespassed onto the museum site and was able to shut down various systems, including the museum’s ticketing platform.
As a consequence, visitors faced significant disruptions, with many unable to access galleries and exhibitions that are usually open to the public.
The Metropolitan Police confirmed that it had been called to the museum at 8:25pm on Thursday, following reports that “a man entered the British Museum and caused damage to the museum’s security and IT systems.”
They confirmed that a man in his 50s had been arrested on suspicion of burglary and criminal damage. He has since been bailed.
“An IT contractor who was dismissed last week trespassed into the museum and shut down several of our systems. Police attended and he was arrested at the scene,” a spokesperson for the British Museum told the media on Friday. “We are working hard to get the museum back to being fully operational but with regret our temporary exhibitions have been closed today and will remain so over the weekend – ticket holders have been alerted and refunds offered.”
The unexpectedly dramatic turn of events, at a museum normally known for its sedate atmosphere, has raised concerns about the security at one of Britain’s best-known cultural institutions.
What has not been made clear is how an unauthorised person was able to gain physical access to the computer systems. It is considered good practice to revoke individuals’ access – both physical and digital – to systems when they leave the employment of a company, by revoking passwords and taking away ID badges.
It’s possible, of course, that ID badges and key cards were not taken away from the IT contractor when he was dismissed, or that the museum was instead relying upon less secure ways of controlling access to privileged areas – such as a combination keypad.
The only consolation is that it appears the suspect was caught in the process of causing the alleged damage while on the site itself. Although, of course, it would have been much better if they had not been able to gain access in the first place.
The British Museum says that it has initiated a thorough assessment of its security protocols to prevent similar attacks occurring in the future. These measures include a review of its access controls and monitoring systems to ensure that only authorised staff can enter sensitive areas of the museum.
The museum says it is also evaluating whether it needs to strengthen the cybersecurity measures it has in place to defend its IT infrastructure.
Taking the opportunity to review its cybersecurity certainly makes a lot of sense, as the British Museum is not alone in facing challenges related to cybersecurity.
In October 2023, the British Library – like the British Museum, an iconic institution that preserves and showcases a vast array of cultural heritage and knowledge – was hit by a ransomware attack that is estimated to have cost it millions of pounds and still impacts some of its services.
In light of such incidents, more museums are investing in advanced security technologies and training for staff to recognise and mitigate potential risks.
The British Museum is filled with treasures from around the world, but it is facing growing pressure to return artefacts taken from other countries.
The most notable example is the Parthenon Marbles, ancient sculptures removed from Athens by Lord Elgin in the early 19th century. For decades, Greece has been campaigning for their return.
