Ransomware Attack on Vivaticket Disrupts Louvre and Major European Museums

What happened

A ransomware attack on Vivaticket disrupted online reservations at major European museums and monuments after the ticketing provider was hit in early March. The incident reportedly took place on March 2 and affected about 3,500 European museums and monuments. Vivaticket, which serves thousands of organizations across 50 countries and manages about 850 million tickets annually, provides services to the Musée du Louvre and other French national cultural sites. The RansomHouse group claimed responsibility and said the breach occurred through Irec SAS, a French subsidiary of Vivaticket. The attackers claimed to have stolen confidential documents, including full names, email addresses, purchase history, reservation details, country of residence, postal codes, account metadata, and login timestamps. Vivaticket said there is currently no evidence that banking or credit card information was accessed. 

Who is affected

The direct impact falls on organizations using Vivaticket, including major French cultural institutions such as the Musée du Louvre, the Musée d’Orsay, the Musée du Quai Branly, Notre-Dame de Paris, the Arc de Triomphe, and the Eiffel Tower. The potential exposure also affects users whose reservation and account information may have been included in the stolen data. 

Why CISOs should care

This incident matters because it shows how a ransomware attack on a shared third-party ticketing platform can disrupt customer-facing operations across thousands of institutions at once. It also involves possible exposure of identity-rich reservation and account data, creating both operational disruption and follow-on data risk for affected organizations and their users. 

3 practical actions

1. Review third-party operational concentration: Identify which customer-facing services depend on shared vendors that could create broad disruption across multiple sites if compromised. 
2. Scope reservation-data exposure precisely: Determine whether names, email addresses, reservation history, account metadata, and related booking data are stored with ticketing providers and could be exposed in a similar incident. 
3. Coordinate customer notification with service restoration: Make sure incident response plans can handle both breach notification and rapid recovery of booking channels when online reservations are disrupted. 

For more news about ransomware incidents disrupting critical customer-facing services, click Ransomware to read more.