More than 45,000 affected by December cyberattack on Metropolitan Opera
Hackers accessed the sensitive personal information of more than 45,000 people across the U.S. during a December cyberattack on the Metropolitan Opera.
Known colloquially as “The Met,” the organization told regulators in several states that the names, financial account information, tax identification numbers, Social Security numbers, payment card information and driver’s license numbers of 45,094 people were leaked during the cyberattack.
“Through an investigation conducted by third-party specialists, the Met learned that an unknown actor gained access to certain of their systems between September 30, 2022 and December 6, 2022 and accessed or took certain information from those systems,” the opera house said in breach notification letters sent to victims.
The organization is offering one year of free identity monitoring services from Kroll and has provided victims with information on how they can place fraud alerts or security freezes on their credit files.
The New York-based opera house, founded in 1883 and now the largest classical music organization in North America, said in December that the cyberattack impacted its network systems, including the “website, box office, and call center.”
For weeks, the organization was unable to process new ticket orders or provide exchanges and refunds.
General manager Peter Gelb told employees at the time that it would not be able to process paychecks, and its internal “Met email” system was also down alongside all internal systems. The FBI was contacted after the attack was announced.
The Metropolitan Opera did not respond to requests for comment about whether the incident was a ransomware attack or whether the information involved was related to customers as well as employees.
But on March 1, the Snatch ransomware gang took credit for the attack.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.