The Art Gallery Ontario (AGO) says it was affected by a cybersecurity incident last month, which may have affected customers’ email addresses.
In an e-mail notifying customers on Wednesday, the AGO said an unauthorized third party accessed its internal shared server between Sept. 9 and 18.
“We deeply regret that this incident occurred. The safety of your data is of paramount importance to us, and we continue to be committed to protecting it,” the AGO said.
The third party may have accessed files saved to the AGO’s internal shared server during the past 12 months, the art museum said, adding that security specialists were engaged immediately to complete a full investigation.
While e-mail addresses may have been accessed, a spokesperson for the art museum confirmed the incident and said that the vast majority of customer data and credit card information was not impacted.
“We want to stress that there is no evidence at this time that any of the information impacted has been misused. However, out of an abundance of caution, we are notifying you,” the AGO said in its email to customers.
“We recommend you remain vigilant and take steps to protect against phishing attempts, identity theft and fraud, including monitoring your accounts and account statements for signs of suspicious activity.”
The AGO said it is taking several steps to strengthen its systems, including additional authentication and other safety measures.
The downtown Toronto museum is the most recent victim of a cybersecurity attack over the past year, with several hospitals, libraries, and government agencies across the province being crippled as a result.