diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index 01f365cb228592c4be91a5e91228313353f3453c..6d7a51879cc9b858d5c466f128f12769ffd9cc22 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -2,7 +2,11 @@ class MediaController < ApplicationController
   skip_before_action :authenticate_user!
 
   def show
-    @blob = ActiveStorage::Blob.find_signed! params[:signed_id]
+    begin
+      @blob = ActiveStorage::Blob.find_signed! params[:signed_id]
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      raise ActiveRecord::RecordNotFound
+    end
     @size = @blob.byte_size
     if @blob.variable?
       variant_service = VariantService.compute(@blob, params[:filename_with_transformations], params[:format])