The recent €88 million jewelry heist at the Louvre has shocked the art world and revealed how outdated and insecure the world’s most famous museum’s systems really were.
According to French newspaper Libération, a 2014 audit by France’s National Agency for the Security of Information Systems (ANSSI) found that the museum’s video surveillance system used the password “LOUVRE,” as reported by Tom’s Hardware. Another system built by defense contractor Thales used the password “THALES.”
The same report also discovered that the museum’s internal automation network was running on Windows 2000, an operating system Microsoft stopped supporting in 2010. This meant no updates, no protection, and a system wide open to cyber threats.
A later review by the National Institute for Advanced Studies in Security and Justice, completed in 2017, confirmed that the same vulnerabilities were still present. The report, marked confidential, warned about both digital and physical security flaws and noted that most of the issues from the previous audit had never been addressed.
Even more worrying, Libération found that the Louvre was still using outdated software as late as 2021. Although a new audit was carried out earlier this year, its results have not been released. The official leading the review told the French Senate that the museum’s systems “needed to be truly modernized.”
The museum’s curator later added, “What I can testify to is that the Louvre’s management was fully aware not of the weakness, but of the need to have a fresh look at the security system of the entire museum.”
While the recent heist might not be directly linked to these cybersecurity lapses, the pattern of neglect is hard to ignore. Two major audits, seven years apart, both warned of obsolete systems and weak passwords, and yet little appears to have changed.
For a museum that houses priceless works like the Mona Lisa and Venus de Milo, using “LOUVRE” as a password feels absurd. But this is not fiction or a heist movie; it is a real-world example of how complacency can undermine even the most iconic institutions.
The stolen jewelry may or may not be recovered, but the message is clear. The Louvre’s security needs a full-scale modernization before it faces another breach, one that could cost far more than stolen jewels.