Cyber Incident Victim: British Museum
Date:
Jan 2025
Location:
United Kingdom
Summary
The British Museum experienced operational disruptions after a dismissed IT contractor allegedly trespassed into the premises and disabled multiple systems, leading to partial closures of galleries and temporary exhibitions. The individual was arrested on-site by police for suspected burglary and criminal damage, resulting in limited visitor capacity with priority given to existing ticket holders and members, who were offered refunds or rescheduling options while restoration efforts continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 24, 2025, the British Museum partially closed to visitors following an alleged IT attack by a former employee. A dismissed IT contractor trespassed into the museum on the evening of January 23 and accessed its systems, deliberately shutting down portions of the IT network. Metropolitan Police were alerted at 20:25 GMT on January 23 to reports of a man inside the museum damaging security and IT infrastructure. Officers arrested a man in his 50s at the scene on suspicion of burglary and criminal damage. The immediate impact forced the closure of multiple galleries on Friday, January 24, along with all temporary exhibitions. The museum confirmed the individual had been terminated the previous week and unlawfully re-entered the premises to execute the disruption. Police released the suspect on bail pending further investigations, though specific motives were not disclosed. The attack disrupted standard operations during a peak visitation period, with the institution attracting over 5.8 million visitors in 2023 as the UK's top attraction.
The museum implemented restricted capacity measures for the weekend of January 25-26, prioritizing access for members and pre-booked ticket holders. Three temporary exhibitions—Silk Roads, Picasso: Printmaker, and an unspecified third—remained closed throughout the weekend. Affected visitors received direct notifications with options to reschedule or obtain refunds through the box office. Museum staff worked to restore full operational capabilities, though no timeline was provided for complete system recovery. The incident caused significant logistical disruptions, particularly impacting timed-entry ticketing systems for special exhibits. A spokesperson publicly apologized for the inconvenience while emphasizing collaboration with law enforcement. No artifacts from the permanent collection, including high-profile items like the Rosetta Stone or Parthenon Sculptures, were reported as damaged or compromised during the breach. The Metropolitan Police investigation remained ongoing at the time of reporting.