Skip to content
Supply chainOngoing

Leak at Musée des Arts et Métiers

Disclosed on 18 March 2026, the Musée des Arts et Métiers was caught up in the Vivaticket supply-chain ransomware breach, exposing online shop and ticketing customers' names, email addresses, account details and order history.

Victim
Musée des Arts et Métiers
SectorOther

On 18 March 2026, the Musée des Arts et Métiers — the Paris science and technology museum operated by the Conservatoire national des arts et métiers — was named among the cultural institutions whose customer data was exposed in the breach of ticketing provider Vivaticket.

The incident was not a direct attack on the museum. On 2 March 2026, Vivaticket — an Italian platform that powers online ticketing and shop services for roughly 3,500 museums, monuments and venues across Europe — was hit by a ransomware attack claimed by the RansomHouse group, reportedly through its French subsidiary. The attackers encrypted systems and exfiltrated personal data belonging to the customers of the affected venues, making this a supply-chain compromise rather than a flaw in the museum's own systems.

The data exposed for affected customers included:

  • First and last name
  • Email address
  • User-account information (and, for the wider Vivaticket dataset, account identifiers and passwords)
  • Order and ticketing history

Vivaticket stated there was no evidence that banking or payment-card data — handled by a separate provider — had been accessed. The breach affected an estimated several million records across all impacted venues; no museum-specific figure for the Musée des Arts et Métiers has been published. At disclosure, online ticketing remained disrupted across many of the affected sites and a Paris prosecutor's investigation was under way, leaving the incident ongoing.

Sources

  1. actualitte.comhttps://actualitte.com/article/130017/usages-numeriques/cyberattaque-des-musees-et-institutions-culturelles-perturbes-dont-la-bnf
  2. lejournaldesarts.frhttps://www.lejournaldesarts.fr/actualites/une-cyberattaque-en-cours-touche-la-billetterie-de-plusieurs-musees-en-france-182637
  3. usine-digitale.frhttps://www.usine-digitale.fr/cybersecurite/vivaticket-touche-par-une-cyberattaque-les-systemes-de-billetterie-de-3500-organisations-exposes.Q4C5WKTCUNASFH46BXOMEP6UBQ.html
  4. cybernews.comhttps://cybernews.com/cybercrime/ransomware-attack-on-vivaticket-disrupts-louvre-and-major-european-museums/

Related incidents

Supply chainContained

Leak at La Mine Bleue (via Vivaticket)

On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.

Victim
La Mine Bleue
Supply chainContained

Leak at Bibliothèque Nationale de France

A March 2026 ransomware attack on the Bibliothèque Nationale de France's third-party online ticketing provider exposed the names and email addresses of users who had booked cultural events; banking data, handled by a separate vendor, was not affected.

Victim
Bibliothèque Nationale de France