Redazione RHC : 2 November 2025 19:04
We recently published an in-depth article on the “theft of the century” at the Louvre , in which we highlighted how physical security – access, environmental control, surveillance – is now closely interconnected with logical security, i.e. networks, systems, and data.
In that article, we described how the attack on the Musée du Louvre could be interpreted as a true physical-pen test carried out by attackers using advanced OSINT and CTI (Cyber Threat Intelligence) preparatory techniques: detailed reconnaissance, study of shifts, flows, and procedural vulnerabilities, which created the conditions for the heist of the century.
The “heist of the century” continues to rock France, and some newspapers have reported sensational security flaws in the world’s most visited museum. Official documents dating back to 2014 and updated through 2024 appear to show that the passwords for the video surveillance systems were extremely simple: ” LOUVRE ” and ” THALES ,” the names of the museum and the security software responsible for protecting it, respectively.
The discovery, reported by Libération , casts a critical light on a system considered impenetrable, yet one that displays clear vulnerabilities. Culture Minister Rachida Dati, initially defensive, declared that “alarm bells have rung,” but later acknowledged before the Senate Culture Committee that “there were security lapses” and that a thorough investigation will be needed to determine who is responsible.
On October 20, shortly after the museum opened, a forklift truck parked the wrong way on the façade overlooking the Seine facilitated one of the most audacious thefts in the Louvre’s history. Two men broke into the Apollo Gallery, a room housing some of France’s most valuable treasures, slashing the display cases with grinders in a matter of minutes. The loot, estimated at €88 million in jewelry, was collected and transported by accomplices waiting on Yamaha T Max scooters.
The cameras, which were supposed to document the entire robbery, returned unclear and incomplete footage. After a week of investigations, French police conducted two waves of arrests, on October 25 and 29, taking a total of seven people into pre-trial detention. Four of them were formally charged with organized robbery and criminal conspiracy , while three were released. The primary suspects, two 37-year-old men, had a criminal record for theft dating back to 2015 and resided in Seine-Saint-Denis.
The most embarrassing issue concerns the museum’s digital management. Back in December 2014, three experts from the National Agency for Information Systems Security (ANSSI) conducted an inspection of the Louvre’s IT network, analyzing cameras, alarms, and access controls. The report highlighted a significant risk: anyone who gained control of the network could facilitate art thefts.
Predictable/trivial passwords are therefore one of the most essential elements of the entire security system that facilitated the heist of the century.
The Louvre, a global symbol of art and culture, is now under public and media scrutiny. The affair has highlighted management problems, fragmented maintenance, and insufficient transparency. For Minister Dati, running for mayor of Paris, the theft represents a severe political blow. The administrative investigation is still ongoing, but the damage to its reputation is already evident: the museum that houses the Mona Lisa has failed to protect even itself.
This episode becomes emblematic of the modern technological paradox: advanced tools that should guarantee security can, if poorly managed, become the most vulnerable point of apparently solid institutions.
Redazione