Skip to content
Supply chainContained

Leak at Palais de la Porte Dorée

On 2 March 2026, the Palais de la Porte Dorée was among 40+ French cultural institutions affected by a ransomware attack on shared ticketing provider Vivaticket, potentially exposing visitors' names, contact details, dates of birth, purchase histories and encrypted passwords.

Victim
Palais de la Porte Dorée
SectorOther

On 2 March 2026, the Palais de la Porte Dorée — a Paris museum and cultural institution housing the Musée national de l'histoire de l'immigration and a tropical aquarium — was caught up in a large-scale cyberattack that hit more than 40 French cultural venues at once, including the Louvre, the Musée d'Orsay, the Bibliothèque nationale de France and the Eiffel Tower.

The incident was not a direct breach of the museum. It stemmed from a ransomware attack on Vivaticket, the shared third-party online ticketing provider used across the French cultural sector. The compromise of that single supplier simultaneously disrupted ticketing and exposed customer data at every institution relying on it, making this a supply-chain incident.

According to statements from the affected institutions and the Centre des monuments nationaux, the data potentially exposed for ticket buyers included:

  • Last name and first name
  • Email address
  • Postal address
  • Phone number
  • Date of birth
  • Purchase history
  • Encrypted (hashed) account password

Authorities stressed that banking and payment data were not affected. At the time of disclosure, no confirmed data exfiltration or fraudulent use had been established, though exposure could not be ruled out, and customers were urged to stay alert to phishing and fraud attempts. The Paris public prosecutor opened a criminal investigation, and online ticketing was suspended and gradually restored over the following weeks while venues directed visitors to on-site ticket counters.

Sources

  1. usine-digitale.frhttps://www.usine-digitale.fr/article/cybersecurite-plus-de-40-musees-francais-vises-par-une-attaque-par-ransomware.N2216983
  2. actualitte.comhttps://actualitte.com/article/130017/usages-numeriques/cyberattaque-des-musees-et-institutions-culturelles-perturbes-dont-la-bnf
  3. bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#Palais%20de%20la%20Porte%20Dor%C3%A9e-2026-03-02

Related incidents

Supply chainContained

Leak at La Mine Bleue (via Vivaticket)

On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.

Victim
La Mine Bleue
Supply chainOngoing

Leak at Musée des Arts et Métiers

Disclosed on 18 March 2026, the Musée des Arts et Métiers was caught up in the Vivaticket supply-chain ransomware breach, exposing online shop and ticketing customers' names, email addresses, account details and order history.

Victim
Musée des Arts et Métiers
Supply chainContained

Leak at Bibliothèque Nationale de France

A March 2026 ransomware attack on the Bibliothèque Nationale de France's third-party online ticketing provider exposed the names and email addresses of users who had booked cultural events; banking data, handled by a separate vendor, was not affected.

Victim
Bibliothèque Nationale de France