Cyber Incident Victim: Metropolitan Opera
Date:
Dec 2022
Location:
United States of America
Summary
The Metropolitan Opera experienced a cyberattack disrupting its network systems, including website, box office, call center, payroll processing, and internal email services, while performances continued unaffected. The organization halted new ticket sales, exchanges, and refunds, impacting significant daily revenue during peak holiday demand, and engaged a cybersecurity firm alongside the FBI for investigation and system restoration. Internal assessments were ongoing to determine infection scope and damage, with recovery delayed until systems could be secured, mirroring broader cyber targeting of arts institutions that disrupted operations for multiple cultural entities globally.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 4 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 7, 2022, the Metropolitan Opera publicly confirmed it was responding to a cyberattack that disrupted its network systems, first detected on the morning of December 6. The attack disabled critical public-facing services, including the organization’s website, box office operations, and call center functions, preventing new ticket sales, exchanges, and refunds. General Manager Peter Gelb reported systems remained offline for over 30 hours as of December 7, with internal infrastructure such as payroll processing and the "Met email" system also rendered inoperable. The Met assured patrons that scheduled performances and rehearsals would proceed unaffected, though it could not immediately process financial transactions. Gelb notified employees via letter that an investigation had been initiated with assistance from a cybersecurity firm and the FBI, emphasizing that system restoration would require thorough remediation to eliminate infections before reactivation. No details regarding ransomware involvement or potential data compromise were disclosed.
The incident occurred during the peak Christmas season, when daily ticket sales averaged $200,000 due to heightened tourist attendance and demand for holiday programming. Operational disruptions extended beyond revenue loss, delaying staff paychecks and internal communications indefinitely. The Met committed to honoring all deferred refunds and exchanges once systems were secured but provided no timeline for recovery, citing the need for a comprehensive damage assessment within 24 hours. This attack followed a broader pattern of cyber incidents affecting cultural institutions in 2022, including a separate ransomware campaign targeting marketing provider WordFly that impacted organizations like the Smithsonian and Royal Shakespeare Company. The Met’s response prioritized containment and forensic analysis while maintaining artistic operations, reflecting the persistent challenges facing performing arts entities reliant on digital infrastructure.