According to sources, the victim faced an internal cyberattack in which a 23-year-old individual, who was reportedly an IT support worker for a third-party contractor for the museum, accessed financial records and systems. The attacker manipulated the account payable system, replacing the information with his own and conducting multiple unauthorized purchases. Suspicion arose when discrepancies were detected in financial data provided to contracted companies. After engaging independent forensics experts, the museum discovered anomalies and reported the incident to the police.
The suspect's involvement in the attack was traced, leading to his arrest and the seizure of electronic items. The attacker would have redirected around $90,000 as part of the cybercrime.