Metropolitan Museum of Art Data Breach Leaves Personal Information Compromised

• Unauthorized actor accessed sensitive information between September 30, 2022, and December 6, 2022
• The Met offers 12 months of free credit monitoring services and identity theft protection guidance for affected individuals

The Metropolitan Museum of Art (the Met) announced today that it had suffered a data breach, with an unauthorized actor accessing sensitive information between September 30, 2022, and December 6, 2022. The breach was discovered on December 6, 2022, after the Met’s cybersecurity team identified suspicious activity related to its computer systems.

Immediately after detecting the breach, the Met took steps to secure their network and engaged a team of third-party specialists to help restore the affected systems and determine the extent of the breach. The investigation revealed that the unauthorized actor had accessed various files containing personal information, including names, financial account details, tax identification numbers, Social Security numbers, payment card information, and driver’s license numbers.

The Metropolitan Opera (“the Met”) filed a notice of data breach with the Maine Attorney General

Upon discovering the breach, the Met moved quickly to investigate and respond to the incident, assess the security of its systems, and identify potentially affected individuals. The Met has also notified federal law enforcement authorities of the breach.

In response to the data breach, the Met is working on implementing additional security measures and providing training to its employees. To help affected individuals, the Met is offering 12 months of free credit monitoring services through Kroll. This service aims to help protect those whose personal information may have been compromised in the incident.

Additionally, the Met is providing guidance to impacted individuals on how to protect themselves against identity theft and fraud. The museum advises individuals to report any suspected incidents of identity theft or fraud to their credit card companies and banks. The Met is also offering information on placing fraud alerts and security freezes on credit files, contact details for national consumer reporting agencies, instructions on obtaining free credit reports, and reminders to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring credit reports.

The Met encourages those affected to contact the Federal Trade Commission, their state Attorney General, and law enforcement to report any attempts or incidents of identity theft and fraud. As the investigation continues, the Met remains committed to ensuring the security of its systems and safeguarding the personal information of its patrons and employees.