The cybersecurity audit warned that access to controls, alarms and video surveillance were at risk due to cybersecurity negligence
Paris, October 19, 2025.
In the early hours of a Sunday morning, four hooded figures, dressed in yellow workers’ vests, climbed onto a lift positioned against the facade of the world’s most famous museum. Within seven minutes, they forced open a window of the Apollo Gallery (Galerie d’Apollon) using a circular saw, broke the glass cases, and stole eight French crown jewels, including Napoleon’s necklace and brooch, as well as Josephine Bonaparte’s tiara.
The total value of the stolen items was 88 million euros. After the heist, the thieves vanished into the bustling streets of Paris on two scooters.
What initially appeared to be a perfectly executed robbery organized by sophisticated criminals was, in reality, the work of petty thieves from the suburbs, already known to the police for minor offenses.
How they managed to infiltrate the Louvre so easily? The answer doesn’t lie in their skills, but rather in the significant security flaws of an institution that safeguards priceless treasures.
The Most Embarrassing Secret: The Password Was “Louvre”
As the judicial investigation began to uncover the details of the theft, a shocking revelation emerged, leaving investigators, security experts, and the French public in disbelief. According to confidential documents obtained by the newspaper Libération, accessing the Louvre’s video surveillance server required nothing more than an alarmingly simple password: “Louvre”.
Yes, they used the museum’s own name.
The problem extends beyond technical issues; it is also rooted in cultural and organizational attitudes. The Louvre has treated cybersecurity as a secondary expense and a bureaucratic compliance necessity, rather than a strategic investment to protect its priceless heritage. Maintenance has been inconsistent, updates have been incomplete, and protocols are outdated. There is an inefficient governance structure where responsibility is diluted between internal staff and external providers, lacking a clear chain of command.
The Louvre is facing fresh scrutiny over its security deficiencies after an £80 million heist as it was revealed that the password “Louvre” gave access to the museum’s video surveillance.
Confidential documents seen by Libération have revealed that the simple password was enough to access the server responsible for video surveillance of the world famous museum in 2014.
It was similarly easy to gain access to the Louvre’s cybersecurity software, provided by Thales, as the password was the name of the aforementioned company.
A Broader Issue
However, this is not an isolated case; many cultural and public institutions around the world face similar challenges. Museums, libraries, and archives often rely on outdated technologies for both physical and digital security, with management strategies that are superficial and poorly maintained.
According to the NordPass 2024 report, the most commonly used password in Italy is still “123456” for accessing sensitive data related to customers, employees, or citizens. While contexts and institutions may evolve, the carelessness remains constant.
A recent study found that only 49% of companies that have suffered a cyber attack decide to invest in cybersecurity afterward.
This statistic reflects a mindset that is still too reactive rather than proactive.
Furthermore, cybersecurity training remains shockingly inadequate. Many individuals mistakenly believe that simply installing antivirus software or a firewall is sufficient for protection.
In reality, security is a continuous process that requires expertise, ongoing updates, rigorous procedures, and, most importantly, a shared awareness throughout the organization.
This awareness should be cultivated over time through training programs that address the challenges posed by our current historical period, and, above all, shared awareness at all levels of the organisation that is built over time through training programs equal to the challenge that this historical period presents us with.
