Ask Onix
Uffizi Galleries confirm cyber-attack but deny security compromise
Florence's Uffizi Galleries acknowledged a cyber-attack on their IT systems but firmly rejected reports that hackers accessed or compromised the security infrastructure protecting their renowned artworks.
Timeline and initial reports
Italian newspaper Corriere della Sera reported that hackers infiltrated the museum's systems between late January and early February, extracting sensitive data including access codes, internal maps, and the locations of CCTV cameras and alarms. The attack reportedly targeted not only the Uffizi but also its affiliated sites, Palazzo Pitti and the Boboli Gardens. The museum later clarified that the breach occurred specifically on 1 February.
A ransom demand was sent to Uffizi director Simone Verde's personal phone, threatening to sell the stolen data on the dark web, according to Corriere.
Uffizi's response and security measures
The Uffizi disputed the claims, asserting that its security systems remained inaccessible from external networks. The museum stated that no passwords were stolen, as its security infrastructure operates on a closed-circuit, internal system. It also denied that employees' phones were compromised during the attack.
Regarding allegations that hackers obtained maps of surveillance cameras and sensors, the Uffizi argued that camera locations are visible to the public, as in any other public space. "There is no evidence that the hackers possessed any maps of the security systems," the museum said.
"No data was damaged or stolen. Our security systems are entirely internal and closed-circuit." (Uffizi Galleries statement)
Impact on operations and artworks
Corriere della Sera reported that parts of Palazzo Pitti, which houses the "Medici Treasure," were closed starting 3 February, with valuable items temporarily relocated to a vault at the Bank of Italy. The Uffizi did not deny the relocation but attributed it to planned renovation work rather than a response to the cyber-attack.
The museum also addressed claims that emergency exits and doors at Palazzo Pitti were sealed with bricks and mortar. It explained that some closures were part of fire-safety upgrades, as the historic building lacked certification for decades. A safety notice was submitted to the fire brigade just two days prior to the report.
"Other doors were sealed to prevent excessive permeability of the historic building's spaces," the Uffizi added, citing the evolving security context and the building's 16th-century structure.
Data integrity and ongoing operations
The Uffizi refuted allegations that hackers stole its entire digital photographic archive, a decades-long record of artworks and documents. The museum confirmed that its photographic server was temporarily taken offline to restore a backup but insisted no data was lost. The restoration process is now complete.
Despite the incident, the Uffizi remains open to visitors, with ticketing and public areas largely unaffected. The museum, Italy's second-most visited after the Vatican, generates approximately €60 million (£52 million; $69 million) in annual revenue.
Broader security context
The cyber-attack follows a high-profile theft at the Louvre in Paris last October, where masked thieves exploited vulnerabilities in the museum's aging CCTV system to steal priceless artifacts. The Uffizi emphasized that its situation was "nothing like the Louvre," noting that it had already accelerated security upgrades, including replacing analogue cameras with digital ones, based on 2024 police recommendations.