Louvre Heist Sparks Scrutiny Over Security Failures and Misplaced Priorities

A French court has sharply criticized the leadership of the Louvre Museum following an audacious daylight robbery that exposed serious lapses in both physical and cybersecurity. The Court of Accounts’ report, released Thursday, concluded that museum administrators prioritized high-profile acquisitions and renovation projects over essential security investments — a failure that culminated in the October 19, 2025, heist.

A Warning Ignored

The theft, described as one of the most brazen art crimes in recent history, saw four men scale the Louvre’s walls, breach a window, and escape with nine pieces of priceless historic jewelry within minutes. Alarms were triggered only after the thieves had already gained access to the building, and the entire operation was over in less than eight minutes.

Pierre Moscovici, president of the Court of Accounts, called the event “a deafening alarm signal,” underscoring that the museum’s leadership had long been aware of its weak points. “The weaknesses of the protection of our perimeter are known and identified,” Louvre director Laurence des Cars later told lawmakers, acknowledging internal failings that had been documented years before the incident.

Security Gaps and Delayed Upgrades

According to the report, the Louvre operated with 432 interior CCTV cameras in 2024, covering only 39% of its 465 galleries. Although that represented an improvement from 2019, the gaps remained vast for an institution spanning over 650,000 square feet — the largest museum in the world.

By comparison, the Detroit Institute of Arts, which has a similar footprint, operates over 550 cameras, according to camera manufacturer Axis. Des Cars has since pledged to double the Louvre’s surveillance capacity in the coming years.

The Court of Accounts urged the museum to “strengthen its internal control function,” warning that the existing system was “underdeveloped for an institution the size of the Louvre.” It also revealed that security upgrades recommended in a 2015 audit are not expected to be fully implemented until 2032 — more than 17 years after the initial recommendations.

Cybersecurity Under Scrutiny

The Louvre’s vulnerabilities extended beyond its physical walls. A 2014 audit by France’s national cybersecurity agency, ANSSI, found that one of the museum’s main server passwords for its CCTV network was simply “LOUVRE.” Similarly, access to Thales-managed software was protected by the equally basic password “THALES,” according to French daily Libération.

The ANSSI report recommended overhauling outdated software and improving cyber hygiene across the museum’s systems. While the agency confirmed the existence of the audit, it noted that the findings “cannot be considered representative of the current level of security” at the institution today.

Still, the disclosure has fueled public concern about the adequacy of the museum’s digital defenses, especially given its vast archives of digitized artwork and visitor data.

Money for Art, Not for Alarms

The audit also shed light on the Louvre’s financial choices between 2018 and 2024. During that period, the museum allocated roughly €27 million ($31 million) to maintenance and €60 million to palace restoration — yet spent nearly double that amount on acquiring new artworks and redesigning exhibition spaces.

The museum invested €105 million in art acquisitions over six years, adding 2,754 works to its collection. Among them were a €5 million purchase of two Jean-Honoré Fragonard paintings in 2021 and a €2.2 million Fabergé triptych acquired in April 2025.

While these purchases enhanced the museum’s cultural prestige, the Court of Accounts cautioned against such spending priorities. It urged leadership to ensure that artworks are not bought above recent auction prices and to maintain transparency about acquisition costs, many of which remain undisclosed.

Leadership Under Pressure

The audit reviewed eight years of operations spanning two successive administrations. Despite the theft and subsequent criticism, no senior executives have resigned or been dismissed. Louvre Director Laurence des Cars offered to step down, but French Culture Minister Rachida Dati rejected her resignation.

Initially, Dati defended the museum’s actions. “Did the Louvre Museum’s security measures fail? No, they didn’t. It’s a fact,” she told lawmakers on October 21. However, her tone shifted a week later. Addressing senators, Dati conceded that although staff had followed protocol “to the letter,” the “spectacular theft” was indeed a failure of security oversight. “Security failures did indeed occur,” she acknowledged.

President Emmanuel Macron has since called for accelerated upgrades to the museum’s protective systems. The French government is expected to review the Court of Accounts’ recommendations and allocate additional resources to prevent future breaches.

A Global Lesson in Cultural Security

The Louvre’s heist has reignited global debate over the balance between cultural investment and institutional security. Experts warn that as museums compete for public attention and donor support, infrastructure maintenance and digital safety are too often neglected.

With over 8 million visitors annually, the Louvre stands as both a symbol of French heritage and a reminder that even the most celebrated institutions are vulnerable when security becomes secondary. The incident, as the Court concluded, should serve as a “turning point” in how cultural institutions worldwide safeguard their treasures — both on display and online.

Source: CNN – You’ll never guess the Louvre’s onetime CCTV password. (You absolutely will)