The Art Gallery of Ontario says the vast majority of customer data is safe after it was hit by a “cybersecurity incident” last month.
In a statement to Global News, the AGO said the incident impacted its internal shared server.
“The vast majority of customer data and credit card information was not impacted. As guided by legal counsel, security specialists and relevant privacy legislation, the AGO is notifying individuals who may have been impacted,” it said Wednesday, adding the museum is maintaining operations as regularly scheduled.
In a separate message sent to AGO members, the museum expanded on what happened between Sept. 9 and 18.
“Immediately upon becoming aware of the incident we engaged security specialists to complete a full investigation and to gain a clearer understanding of the breadth of the incident as well as external legal counsel. Our work has been guided by legal counsel, security specialists and relevant privacy legislation,” it said.
“Based on our investigation, the incident impacted files that had been saved to the AGO’s internal shared server during the past 12 months.”
The AGO added in that notice it is taking several steps in strengthen its systems, including implementing additional authentication.