Copyright independent
The Louvre is facing fresh scrutiny over its security deficiencies after an £80 million heist as it was revealed that the password “Louvre” gave access to the museum’s video surveillance. Confidential documents seen by Libération have revealed that the simple password was enough to access the server responsible for video surveillance of the world famous museum in 2014. It was similarly easy to gain access to the Louvre’s cybersecurity software, provided by Thales, as the password was the name of the aforementioned company. The news comes after £80 million worth of France’s crown jewels were stolen from the Louvre in a matter of minutes on 19 October by thieves sporting high-vis jackets and masks. Four suspects in the Louvre heist were arrested last week, including three believed to be members of the team of four that were filmed using a cherry picker to reach the museum's window. They face preliminary charges of theft by an organised gang and criminal conspiracy. The jewels have still not been recovered, authorities said. A cybersecurity audit by the French National Cybersecurity Agency (ANSSI) tested the security network in 2014, where “the museum's most critical protection and detection equipment is connected”, the French tabloid quoted the report. This included “access control, alarms, and video surveillance”. “An attacker who manages to take control of it would be able to facilitate damage or even theft of artworks,” the report said. The applications and systems deployed on the security network contained numerous vulnerabilities, according to the agency, who warned that the video surveillance system could easily be damaged and modified. The agency encouraged the Louvre to create more complicated passwords in order to prevent any future security breaches. French culture minister Rachida Dati has acknowledged "security gaps” in the Louvre, as the investigation into the burglary of priceless crown jewels continues. France’s national audit office said that recommended upgrades from a security audit undertaken a decade ago are not set to be completed until 2032, according to a report on Thursday, which was compiled before the heist last month. Only 39 per cent of the museum's rooms had cameras as of 2024, the report found. A security audit began in 2015 found the museum was not sufficiently monitored or prepared for a crisis, but this only led to a tender for security works at the end of last year. "It will take several years to complete the project, which, according to the museum, is not expected to be finished until 2032," the report said. It also highlighted excessive spending to buy artwork and post-pandemic relaunch projects, as well as missed revenues from inefficiencies and ticketing fraud, as contributing to the museum's inability to fix its outdated infrastructure. The auditor’s head, Pierre Moscovici, told journalists on Thursday that the robbery was a "deafening" alarm which only reinforces some of the considerations made in the report. In written remarks published by the audit office, Ms Dati said she agreed on the urgency of the technical work and reiterated calls for swift corrective measures. Louvre director Laurence des Cars said in the same document she supported most of the auditor's recommendations but insisted the museum's long-term transformation plan is essential to address its structural challenges.
