The Metropolitan Opera restored service to its website, box office and call center this afternoon, following a damaging cyberattack that began last week.
The website was restored at around 1:30 p.m. on Thursday, and ticket sales have resumed after more than a week of chaos. Met Opera on Demand, the company’s popular subscription streaming platform, has also been restored.
The company has not divulged the exact nature or extent of the attack, which began on Dec. 6 and crippled its capacity to sell tickets heading into the peak weeks of the holiday season. The Met Opera normally processes more than $200,000 worth of tickets each day.
Early speculation regarding the source of the attack pointed toward Russia, in response to the Met Opera’s support and fundraising efforts for Ukraine. The company also severed ties with certain high-profile artists associated with Russian President Vladimir Putin.
But in an article published by The New York Times on Wednesday, Peter Gelb, the Met Opera’s general manager, said the attack appeared to be the work of an organized criminal gang.
A notification posted on the splash page of the restored website offered assurance to Met Opera patrons and customers: “Based upon our ongoing investigations into the recent cyberattack, we would like to reassure our customers that ticketing customer data, including credit card information used when purchasing tickets, has not been stolen. We do not keep credit card information in the systems that were affected by the cyberattack.”
However, an email delivered on Thursday morning to current and former company members and associates, which was shared with Gothamist, confirmed that internal information had been accessed by the attackers.
“While the investigation is ongoing, we know that some of our files have been breached, although we do not yet have specific information on what information was stolen,” the email reads. “But our investigation indicates that certain personal data may have been taken. Although we have no evidence that any stolen data has been misused, out of an abundance of caution we wanted to alert you now even though you may not be personally impacted. If our investigation concludes that you have been impacted, we will be in touch with you directly.”
A company spokesman confirmed that there is “no evidence” personal data was definitely stolen. But company members who worked onsite at the Met Opera between September 2021 and now were urged to change their passwords and monitor their personal accounts.