Ransomware Attack on Viva Ticket Impacts 3,500 Global Partners Including the Louvre

Viva Ticket, a provider of ticketing and access control solutions, reports a ransomware attack in early March 2026. The platform, which manages approximately 850 million tickets annually, serves over 3,500 partner organizations across 50 countries. 

The RansomHouse ransomware group claimed responsibility for the breach, which has impacted high-profile cultural institutions including the Louvre, the Bibliothèque nationale de France (BnF), and the Centre des monuments nationaux.

The threat actors reportedly gained access through the infrastructure of Irec SAS, a subsidiary or closely associated entity of the ticketing provider. RansomHouse claims to have stolen confidential documents and project files and that the company's IT department allegedly attempted to hide the incident. The attack caused widespread service disruptions, forcing several European museums and venues to take their online booking systems offline to prevent further lateral movement within the network.

The compromised data includes:

• Full names and surnames
• Email addresses
• Purchase history and reservation details
• Country of residence and postal codes
• Account metadata and login timestamps

The number of affected individuals is not disclosed, but estimates suggest millions of users are potentially impacted due to the platform's massive global footprint. Viva Ticket claims that there is currently no evidence that banking information or credit card details were accessed during the incident. 

In response to the breach, Viva Ticket isolated the affected server environments and started a recovery process from backups. The company is collaborating with the French National Cyber Security Directorate (ANSSI) and other law enforcement agencies to conduct a forensic analysis of the exfiltrated data. Affected institutions have begun notifying their customers, advising them of the potential exposure of their personal identifiable information (PII).