Skip to content
Supply chainOngoing

Leak at the Oceanographic Museum of Monaco (via Vivaticket)

Customer data of the Oceanographic Museum of Monaco was exposed via a ransomware attack on its ticketing provider Vivaticket (subsidiary Irec SAS), disclosed 2 March 2026 and claimed by RansomHouse, leaking names, emails, phone numbers, postal locations and order/booking history.

Victim
Oceanographic Museum of Monaco

On 2 March 2026, the Oceanographic Museum of Monaco — the historic marine science institution overlooking the Mediterranean — was caught up in a wider breach of its online ticketing provider, Vivaticket. The museum did not suffer a direct intrusion: customer data was exposed through a ransomware attack on Vivaticket's French subsidiary Irec SAS, which handles online bookings for the museum and thousands of other venues.

The attack was claimed by the Russian-speaking ransomware group RansomHouse, which threatened to publish the stolen data on its leak site. Because Vivaticket processes ticketing for roughly 3,500 museums and monuments across some 50 countries — including the Louvre, Musée d'Orsay and other major sites — the incident affected visitors of many institutions at once, with estimates of millions of individuals potentially impacted across the platform.

For affected customers, the exposed data reportedly included:

  • First and last name
  • Email address
  • Phone number
  • Postal code and city / country of residence
  • Order history and booked-event details (type and number)
  • Account metadata such as login timestamps

According to reporting, the breach did not expose payment-card or bank details, and passwords were not among the compromised data. The total number of individual records tied specifically to the Monaco museum has not been disclosed. As of disclosure the situation remained ongoing, with affected venues taking ticketing systems offline and seeking alternative booking arrangements while Vivaticket responded.

Sources

  1. cybernews.comhttps://cybernews.com/cybercrime/ransomware-attack-on-vivaticket-disrupts-louvre-and-major-european-museums/
  2. cpomagazine.comhttps://www.cpomagazine.com/cyber-security/ransomware-attack-on-vivaticket-disrupts-online-bookings-at-european-museums-and-monuments/
  3. scworld.comhttps://www.scworld.com/brief/thousands-of-european-tourist-sites-impacted-by-ticketing-platform-breach
  4. dexpose.iohttps://www.dexpose.io/ransomhouse-targets-french-ticketing-firm-irec-sas/

Related incidents

Supply chainContained

Leak at La Mine Bleue (via Vivaticket)

On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.

Victim
La Mine Bleue