Italy’s famed Uffizi admits cyber-attack but denies security breach

Italy’s famed Uffizi admits cyber-attack but denies security breach

The Uffizi Galleries in Florence recently acknowledged a cyber-attack targeting its IT infrastructure, though it insisted the museum’s security systems remained uncompromised. Officials emphasized that no artworks were damaged or stolen during the incident, which involved unauthorized access to sensitive data. The attack reportedly spanned late January to early February, impacting not only the Uffizi but also its affiliated sites at Palazzo Pitti and the Boboli Gardens.

Details of the Breach

Italian media reported that hackers had infiltrated the museum’s network, allegedly retrieving access codes, internal blueprints, and the positions of surveillance equipment. A ransom demand was reportedly sent to the director’s personal phone, threatening to leak the data on the dark web. However, the Uffizi contested these claims, stating that its security systems were not vulnerable to external intrusion.

“No passwords were stolen—none whatsoever—because the security systems are entirely internal and closed-circuit,” the museum stated.

According to Corriere della Sera, the attackers navigated interconnected systems, including computers and phones, to compile detailed operational insights. Despite this, the Uffizi maintained that the breach did not expose any critical weaknesses in its physical security measures.

Comparisons to the Louvre Incident

The Uffizi highlighted the difference between its situation and the Louvre’s October robbery, where thieves exploited outdated CCTV systems to steal priceless treasures. The museum noted that its security upgrades, including digital cameras recommended by police in 2024, had already been implemented. “Our systems are nothing like the Louvre’s,” it said, stressing the internal nature of its security network.

Impact on Museum Operations

Following the attack, some areas of Palazzo Pitti were temporarily closed, and valuable items were relocated to a vault at the Bank of Italy. While the museum did not dispute the move, it attributed it to ongoing renovation plans. Staff were also instructed to avoid public discussion of the incident, per Corriere’s report.

Additionally, the Uffizi addressed concerns about its digital photographic archive, asserting that no data was lost. It explained that the server had been briefly taken offline to restore a backup, a process now completed without incident.

Despite the disruption, the Uffizi remains open to visitors, with ticketing and public spaces unaffected. The museum, Italy’s second-most visited institution after the Vatican, continues to generate approximately €60 million in annual revenue. Officials described the attack as a temporary setback, not a systemic failure.