The renowned Uffizi Galleries in Florence has confirmed that it experienced a cyber-attack. However, the institution strongly denies that its security systems, tasked with protecting its invaluable collection, were compromised. Officials emphasized that no artworks were damaged or stolen following reports that hackers had infiltrated the museum’s IT infrastructure and accessed sensitive security data.
Italian newspaper Corriere della Sera initially reported that attackers gained access to the museum’s IT systems. The publication alleged that hackers extracted access codes, internal maps, and the precise locations of CCTV cameras and alarm systems. Subsequently, a ransom demand was reportedly issued.
The Uffizi Galleries has refuted this narrative, asserting that its internal security systems are not accessible from external networks. According to the newspaper’s account, the perpetrators navigated through interconnected computer systems, personal devices, and other network-linked tools. This method allowed them to gradually construct a detailed understanding of the museum’s operational layout. The newspaper also stated that a ransom demand was subsequently sent to the personal phone of Uffizi director Simone Verde, accompanied by a threat to auction the compromised data on the dark web.
Home to iconic masterpieces such as Botticelli’s “The Birth of Venus” and “Primavera,” the Uffizi highlighted its distinct security posture compared to other institutions.
Corriere della Sera indicated that the cyber-attack took place between late January and early February. The incident reportedly affected not only the main Uffizi complex but also its associated sites at Palazzo Pitti and the Boboli Gardens.
The incident at the Uffizi follows a broader trend of heightened security concerns for major cultural institutions. Notably, the Louvre Museum in Paris experienced a daylight raid in October, in which masked assailants allegedly exploited vulnerabilities in its aging CCTV system to steal priceless historical artifacts. This event prompted widespread reassessment of security protocols across prominent museums globally.
In response to the cyber-attack, the Uffizi stated that certain ongoing security enhancements were accelerated. These upgrades were implemented both prior to and following the incident. The gallery stressed it was “nothing like the Louvre,” noting that its analogue cameras had already been replaced with digital ones earlier in 2024, following police recommendations.
Addressing claims that hackers had identified the locations of surveillance cameras and sensors, the Uffizi stated there was “no evidence whatsoever that the hackers possessed any maps of the security systems.” The institution reasoned that the placement of cameras in a public space, like any museum, is generally visible to visitors, making their discovery unsurprising. It insisted that “No passwords were stolen – none whatsoever – because the security systems are entirely internal and closed-circuit.” Furthermore, employees’ personal phones were reportedly not compromised during the hack.
Corriere della Sera had also reported that parts of Palazzo Pitti, which houses the “Medici Treasure” on two floors, had been closed since February 3rd. This closure, the newspaper claimed, was a direct result of the hack, leading to the temporary transfer of valuable items to a vault at the Bank of Italy for safekeeping. The Uffizi did not dispute the relocation of treasures to a bank vault but clarified that this action was part of previously scheduled renovation work.
According to Corriere, some doors and emergency exits at Palazzo Pitti were sealed with brick and mortar. Staff were also reportedly instructed not to discuss the incident publicly. The Uffizi, however, partially attributed the bricked-up doors to fire-safety measures. The gallery pointed out that fire safety certification had been lacking for decades, and a safety notice had only recently been submitted to the fire brigade. Other doors were sealed “to prevent excessive permeability of the historic building’s spaces,” which date back to the 1500s. This measure was implemented considering the structures’ changed functions and the evolving international context.
The Uffizi also responded to assertions that intruders had accessed and stolen the gallery’s complete digital photographic archive, a multi-decade record of artworks and documents. The institution maintained that its photographic server remained intact due to a robust backup system. While acknowledging that the server was temporarily taken offline, the Uffizi explained this was a procedural necessity for restoring the backup. The process is now complete, with no loss of data reported.
Despite the ongoing controversy, the Uffizi Galleries, Italy’s second most visited museum after the Vatican, continues to operate. Generating approximately €60 million (US$69 million) in annual revenue, the museum reported that ticketing and public areas remain largely unaffected by the cyber-attack.
