The National Gallery was hit by nearly two million email attacks over the course of 2019, as the UK’s largest public institutions step up their defences against hackers.

According to data obtained under the Freedom of Information (FoI) Act by cyber security specialists Absolute Software, the UK’s leading art gallery blocked an array of sophisticated email phishing attacks, including spam and virus attempts which were targeted at stealing the personal and financial data of National Gallery members.

The FoI data reveals that the gallery, located in London’s Trafalgar Square, suffered 1,875,250 attempted breaches via email.

However, the gallery’s cyber detection software blocked 18,378 spam emails and 443,741 attempted connection emails, proving the resilience of its internal networks.

Overall, blocked email addresses software managed to quarantine the highest number of emails, with 1,176,656 different attack efforts.

Additionally, 179,844 emails were blocked under the category of anti-spoofing lockout and a further 10,959 were logged as ‘manual envelope rejection’.

A further 2,810 emails were blocked under the category of Simple Mail Transfer Protocol.

Andy Harcup, vice president of Absolute Software, said: “It’s clear that cyber criminals are mastering the art of malicious email attacks, designed to infiltrate the National Gallery and steal confidential data - with millions of visitors every year and tens of thousands of members, it’s vital that London’s leading tourist hotspots have the right systems in place to protect devices from infiltration.

“With many major museums now closed due to the COVID-19 outbreak, it’s critical that enterprises have full visibility of the assets allocated to remote workers as well as always on control of those assets in case of the need to take action.”

A spokesman for the National Gallery said: “The Gallery takes its security extremely seriously and closely monitors its systems to mitigate against cyber incidents.

"While our building is closed the Gallery maintains its cyber security programme and, in line with most organisations, has a range of measures in place to ensure data is protected both on site and remotely.”

Share Story: