AGO says it was hit by 'cybersecurity incident' in September

The Art Gallery of Ontario says a "cybersecurity incident" hit its computer systems in September and may have resulted in a third party gaining unauthorized access to some customer information. 

In a statement and in an email to its members, the art gallery confirmed that an unauthorized third party gained access to its internal shared server but added "the vast majority of customer data and credit card information was not impacted."

The gallery said it is notifying customers who may have been impacted after it was advised to do so by legal counsel and security specialists, and in keeping with privacy legislation.

In the email to members, the AGO said the breach affected its systems between Sept. 9 and 18. It added that an investigation by security specialists was undertaken to "gain a clearer understanding of the breadth" of the breach.

Members urged to watch for suspicious activity

The AGO said it recommends that members stay vigilant and take steps to prevent phishing attempts, identity theft and fraud. Members are urged to monitor accounts and account statements to keep an eye out for suspicious activity.

The art gallery said it will take steps to strengthen its computer systems, which may include putting new authentication measures in place.

"We deeply regret that this incident occurred. The safety of your data is of paramount importance to us, and we continue to be committed to protecting it," the AGO said in the email.

"Despite our best efforts, the AGO was not immune to the type of cyber security incident that had impacted so many Canadian public and private sector organizations."

Anyone with questions can contact the AGO at priority@ago.ca or (416) 979-6608.