France’s Court of Auditors has delivered a scathing indictment of the Louvre Museum’s security protocols following an audacious daylight jewel theft in October, asserting that management prioritized high-profile acquisitions and renovations over fundamental protection measures. The critique, which emerged shortly after the theft of priceless estimated French crown jewels, places intense pressure on the iconic Parisian institution to overhaul its physical and digital defenses.
The October 19th incident saw four individuals scale an exterior wall, breach a window, and escape with nine historic pieces—valued around $102 million—within minutes. The speed of the infiltration highlighted critical perimeter vulnerabilities and slow emergency response times, failures that had reportedly been known to the museum’s administration for years.
Neglecting Physical Protections
The audit paints a clear picture of delayed security modernization despite having an annual operating budget of €323 million. While the museum expanded its network of interior CCTV cameras to 432 by 2024—nearly a 50% increase since 2019—it still leaves an estimated 61% of its 465 galleries without surveillance coverage. Modernization projects were frequently postponed, with new cameras often installed only as a secondary measure during unrelated room refurbishments.
Louvre Director Laurence des Cars acknowledged that weaknesses had been identified previously and subsequently committed to senators to doubling the camera count across the expansive 37-hectare site in the coming years.
The Court of Auditors sharply contrasted the museum’s spending priorities. Between 2018 and 2024, the Louvre dedicated approximately €87 million to maintenance and palace restoration, but spent nearly double that amount on layout changes and art acquisitions. The museum invested €105 million to acquire 2,754 works during this six-year period, including a Fragonard painting and an “exceptional” Fabergé triptych. The Court urged greater scrutiny over acquisition prices, cautioning against purchasing artworks significantly above recent auction levels.
Digital Defenses Under Fire
Adding to the institution’s embarrassment are revelations concerning its cybersecurity posture. A years-old and heavily cited 2014 cybersecurity review by the national cyber agency ANSSI reportedly alleged woefully inadequate digital safeguards. Specifically, the audit claimed that a key server overseeing the museum’s CCTV network once used the easily guessable password “LOUVRE,” and software linked to security contractor Thales was protected by the equally flimsy “THALES.”
While ANSSI cautioned that the 2014 findings do not necessarily reflect current practice, these revelations have become a symbolic “smoking gun,” amplifying concerns about both digital and physical lethargy. The old audit had reportedly urged the Louvre to replace outdated software and significantly bolster its IT defenses.
Despite initial insistence that museum systems functioned during the theft, France’s Culture Minister, Rachida Dati, later conceded the “spectacular theft” represented a clear institutional failure. In response, President Emmanuel Macron has pressed for an acceleration of security enhancements.
The pressure comes as the Louvre is already engaged in a sweeping €700–€800 million renovation plan announced earlier in the year. However, the Court’s audit noted that some critical security recommendations dating back to 2015 are not scheduled for completion until 2032. Critics argue the October incident is a bruising wake-up call that demands an immediate, expedited timeline for implementation. The museum now faces intense public and governmental scrutiny to prove it can protect the global heritage housed within its walls.