Art Gallery of Ontario hit by cybersecurity incident; limited customer data exposed

The Art Gallery of Ontario (AGO) reported a cybersecurity breach that occurred in September, potentially exposing limited customer information. The gallery stated that an unauthorized third party accessed its internal shared server, though the “vast majority of customer data and credit card information was not impacted.”

In a communication to its members, AGO disclosed that the incident affected its systems over nine days, from September 9 to September 18. Following the breach, the gallery consulted legal counsel and security experts, who advised notifying potentially affected customers in line with privacy regulations.

The AGO emphasized the importance of vigilance against potential phishing attempts, identity theft, and fraud. It urged members to monitor their accounts for unusual activity and report suspicious incidents. The gallery said it is considering additional protective measures, including new authentication processes, to bolster its cybersecurity.

“We deeply regret that this incident occurred. The safety of your data is paramount to us, and we continue to be committed to protecting it,” the AGO said in its statement. The gallery noted that, despite robust precautions, it was not immune to the cybersecurity challenges that have affected numerous organizations across Canada.

AGO members and customers seeking more information can contact the gallery directly at priority@ago.ca or (416) 979-6608.