Nine days after an audacious cyberattack struck the Metropolitan Opera, forcing its website offline, paralyzing its box office and hobbling its ability to sell tickets, the company announced on Thursday that those services had been restored.
“After suffering a cyberattack that temporarily impacted our network systems, we’re pleased to announce that the Met is now able to process ticket orders through our website and in person at our box office,” the Met said in a message on its website, which reassured customers that no credit card information had been stolen during the attack.
The resumption of ticket sales at the Met, the largest performing arts organization in the United States, marked the conclusion of what the company said was the first major cyberattack in its 139-year history. The attack, coming during the usually lucrative holiday period, knocked out the company’s ticketing system at a time when it would typically handle about $200,000 in sales each day.
The targeting of the Met, which dealt the company a blow as it struggles to lure audiences back to prepandemic levels, underscored that even venerable cultural institutions are not immune to cyberattacks in the digital age.
“This attack froze everything,” said Peter Gelb, the Met’s general manager, who said that it had wreaked havoc, undermining the electronic payment system for the company’s 3,000 full- and part-time employees and hampering its ability to order sets for upcoming productions. “The teachable moment of this attack is that if someone wants to break into your system, it is hard to stop them.”
Despite the disruption, the Met never missed a performance, continuing to stage its grandiose old-school production of Verdi’s “Aida,” with its huge cast and towering sets, and the new Kevin Puts opera “The Hours,” starring Renée Fleming, Kelli O’Hara and Joyce DiDonato and inspired by Michael Cunningham’s Pulitzer Prize-winning 1998 novel. Without its regular ticket system, the opera house offered $50 general admission tickets for seats that usually cost several times that much, through a website set up by Lincoln Center. Gelb said Thursday that prices would return to normal levels.
Gelb said it appeared that the attack has been orchestrated by an organized criminal gang, and that the F.B.I. was aware of the attack.
Cybersecurity experts said the attack had all the hallmarks of a ransomware attack, a form of modern-day piracy that has become a global scourge in recent years, as attackers target local governments, businesses, hospitals and, now, cultural institutions.
Experts said the crime is widespread. In some cases victims receive an email with a link or attachment that contains software that encrypts files on their computer and holds them hostage until they pay a ransom.
While the attack had added to the Met’s woes, Gelb said the company was undeterred. Paraphrasing a line from Terence Blanchard’s opera “Fire Shut Up in My Bones,” which was performed at the Met last year, he said: “We bend but we don’t break.”