Cyber Incident Victim: The Philadelphia Orchestra
Date:
Feb 2023
Location:
United States of America
Summary
The Philadelphia Orchestra and Kimmel Center were targeted by a cyberattack that rendered their websites inoperable and disrupted ticket sales, forcing all transactions to occur in person at a temporary box office. Despite the technical outage, all scheduled performances proceeded as planned, with the organizations affirming that security protocols safeguarded sensitive data and customer credit card information remained uncompromised. This incident reflects a growing trend of cyber threats against arts venues, similar to a recent ticketing system failure at another prominent opera house that also occurred during a peak sales period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 10, 2023, the Philadelphia Orchestra and the Kimmel Center for the Performing Arts experienced a significant disruption when a cyberattack targeted their network systems, rendering their primary websites inoperable and crippling core ticketing functions. The incident was first acknowledged by the organizations with a public notice stating they were dealing with a cyberattack, though specific technical details about the nature of the intrusion were not immediately provided. The attack directly impacted the ability to sell tickets online or via phone, as the shared ticketing infrastructure for the Kimmel Center and its resident companies, including the Philadelphia Orchestra, Broadway series, Philadelphia Ballet, and Philadanco, was taken offline. In response to the outage, the organizations quickly established a temporary alternative portal to facilitate some level of ticket sales and confirmed that physical tickets remained available for purchase exclusively at the Kimmel Center's box office. A spokesperson for the Philadelphia Orchestra, Ashley Berke, issued a statement assuring patrons that all scheduled performances would proceed as planned and that existing security protocols had functioned to protect sensitive data, specifically confirming that customer credit card information had not been breached.
The timing of the attack was particularly disruptive, occurring during the critical spring sales period when arts groups typically promote and sell seats for upcoming shows, including major productions like the Philadelphia Ballet's "The Sleeping Beauty." While live performances continued without interruption, the organizations were unable to process new ticket orders, handle exchanges, or process refunds through their standard channels, creating substantial inconvenience for patrons and administrative challenges. The incident drew parallels to a similar cyberattack in December 2022 against the Metropolitan Opera, which had shut down its website and box office for nine days, costing an estimated $200,000 in daily sales during the holiday season and ultimately prompting that organization to contact the FBI. Industry observers noted that arts venues present attractive targets for ransomware gangs due to their reliance on continuous ticketing operations and the potential for financial extortion. The attack on the Philadelphia institutions followed a broader July 2022 ransomware incident against WordFly, a digital marketing vendor, which disrupted email and text services for numerous global cultural organizations, though in that case the stolen data was reportedly deleted after the company engaged with the attackers. At the time of reporting, it remained unclear when normal ticketing operations for the Kimmel Center and Philadelphia Orchestra would be fully restored, with the temporary box office-only solution representing the primary workaround for customers seeking to transact.