Ransomware Attack Disrupts Major European Museums via Vivaticket Breach

Severity: High (Score: 66.5)

Sources: Scworld, Cybernews

Summary

In early March 2026, Vivaticket, an online ticketing platform, suffered a ransomware attack attributed to the RansomHouse group, impacting approximately 3,500 museums and cultural sites across Europe. The breach, which occurred through Vivaticket's French subsidiary Irec SAS on March 2, disrupted online reservations for major attractions including the Louvre and the Eiffel Tower. The attackers claimed to have stolen sensitive customer data, including names, email addresses, and reservation details, but Vivaticket stated there is no evidence of financial data being compromised. The French Ministry of Culture is assessing the financial impact on affected institutions. Vivaticket is collaborating with the French National Cyber Security Directorate and law enforcement to evaluate the breach's scope. Many affected sites remain unable to process online ticketing, affecting millions of users. This incident highlights the risks associated with third-party vendor security in the digital landscape. Key Points: • RansomHouse ransomware group claimed responsibility for the attack on Vivaticket. • Approximately 3,500 European museums and cultural sites experienced disruptions. • No evidence of financial data compromise has been found, but personal data may have been stolen.

Key Entities

• Data Breach (attack_type)
• Ransomware (attack_type)
• Arc De Triomphe (company)
• Eiffel Tower (company)
• French Ministry Of Culture (company)
• French National Cyber Security Directorate (company)
• Irec SAS (company)
• T1195 - Supply Chain Compromise (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• RansomHouse (ransomware_group)