Italy’s famed Uffizi admits cyber-attack but denies security breach
Italy’s famed Uffizi admits cyber-attack but denies security breach
Florence’s Uffizi Galleries has acknowledged a cyber-attack but insists its security systems remain unbreached. Officials stated no damage or theft occurred, following reports that hackers infiltrated the museum’s IT infrastructure and accessed confidential security details. The incident reportedly unfolded between late January and early February, affecting not only the Uffizi but also its Palazzo Pitti and Boboli Gardens locations.
Ransom demand and internal systems
Italian media reported that intruders allegedly retrieved access codes, internal blueprints, and the positions of CCTV cameras and alarms. A ransom was then issued, targeting the personal phone of museum director Simone Verde. However, the Uffizi contested these claims, stating its security systems are entirely internal and not reachable from external networks. They emphasized that attackers navigated interconnected devices, including computers and phones, to compile a detailed overview of operations.
“No passwords were stolen—none whatsoever—because the security systems are entirely internal and closed-circuit,” the Uffizi clarified.
Despite the ransom demand, the museum asserted that employees’ phones were not compromised. It also denied that the entire digital photographic archive, which documents decades of art and historical records, had been lost. A backup system was in place, and while the server was temporarily down, the data remained intact after restoration.
Comparison to the Louvre incident
Following the daylight theft at the Louvre in October, where masked thieves exploited outdated CCTV systems, all major museums have reviewed their security protocols. The Uffizi highlighted that it had already updated its measures, replacing analog cameras with digital ones as recommended by police in 2024. This upgrade, they claimed, ensures no external access to security infrastructure.
The museum also dismissed suggestions that hackers had discovered the layout of surveillance systems. They argued that camera placements are visible to anyone entering the public space, so their exposure was unsurprising. Furthermore, the Uffizi noted that the closure of certain Palazzo Pitti areas since February 3 and the relocation of valuable artifacts to a Bank of Italy vault were part of ongoing renovation efforts, not a direct result of the cyber-attack.
Structural changes and safety measures
Some doors and exits at Palazzo Pitti were sealed with bricks and mortar, per Corriere della Sera. The Uffizi attributed this to fire-safety upgrades, pointing out that the building had lacked certification for years. Recently, they submitted a safety notice to the fire brigade, and additional doors were closed to limit access to historic spaces, now serving different purposes in the evolving global context.
Despite the controversy, the Uffizi remains open to visitors. Ticketing processes and public areas have not been disrupted, though some sections of the museum were temporarily closed. As Italy’s second-most visited cultural institution, the gallery generates approximately €60m in annual revenue, underscoring its continued operation despite the digital incident.
