The Uffizi Galleries in Florence has confirmed they were subject to a cyber-attack - but denied that the security systems protecting its famous works had been compromised. They stressed that nothing had been either damaged or stolen, after hackers were reported to have infiltrated the museum's IT systems and accessed sensitive security data.
Italian newspaper Corriere della Sera reported that hackers had infiltrated the museums' IT systems, allegedly extracting access codes, internal maps, and the locations of CCTV cameras and alarms, before issuing a ransom demand. However, the Uffizi Galleries contested this account, saying its security systems were inaccessible from the outside.
The attackers appeared to have moved through interconnected systems, computers, and phones, gradually piecing together a detailed picture of the museum's operations. A ransom demand was later sent to museum director Simone Verde's personal phone, with a threat to sell the data on the dark web.
The Uffizi is home to some of Italy's most celebrated artworks, such as Botticelli's Birth of Venus and Primavera. Corriere said the cyber-attack occurred between late January and early February, affecting not only the Uffizi but also its separate sites at Palazzo Pitti and the Boboli Gardens.
Ever since the Louvre museum in Paris was raided in broad daylight in October and priceless historic treasures stolen, all major museums have had to reassess their security. The Uffizi said that work already underway had been expedited both before and after the cyber-attack. Its situation was "nothing like the Louvre," it stressed, noting that analogue cameras had been replaced with digital ones, following police recommendations in 2024.
Responding to claims that the hackers had found out the location of surveillance cameras and sensors, it said there was no evidence whatsoever that the hackers possessed any maps of the security systems. The Uffizi insisted that "no passwords were stolen - none whatsoever - because the security systems are entirely internal and closed-circuit." It also clarified that employees' phones had not been compromised by the hack.
Despite the controversy, the Uffizi, generating around €60m (£52m; $69m) in annual revenue, remains open to visitors, with ticketing and public areas largely unaffected.
Italian newspaper Corriere della Sera reported that hackers had infiltrated the museums' IT systems, allegedly extracting access codes, internal maps, and the locations of CCTV cameras and alarms, before issuing a ransom demand. However, the Uffizi Galleries contested this account, saying its security systems were inaccessible from the outside.
The attackers appeared to have moved through interconnected systems, computers, and phones, gradually piecing together a detailed picture of the museum's operations. A ransom demand was later sent to museum director Simone Verde's personal phone, with a threat to sell the data on the dark web.
The Uffizi is home to some of Italy's most celebrated artworks, such as Botticelli's Birth of Venus and Primavera. Corriere said the cyber-attack occurred between late January and early February, affecting not only the Uffizi but also its separate sites at Palazzo Pitti and the Boboli Gardens.
Ever since the Louvre museum in Paris was raided in broad daylight in October and priceless historic treasures stolen, all major museums have had to reassess their security. The Uffizi said that work already underway had been expedited both before and after the cyber-attack. Its situation was "nothing like the Louvre," it stressed, noting that analogue cameras had been replaced with digital ones, following police recommendations in 2024.
Responding to claims that the hackers had found out the location of surveillance cameras and sensors, it said there was no evidence whatsoever that the hackers possessed any maps of the security systems. The Uffizi insisted that "no passwords were stolen - none whatsoever - because the security systems are entirely internal and closed-circuit." It also clarified that employees' phones had not been compromised by the hack.
Despite the controversy, the Uffizi, generating around €60m (£52m; $69m) in annual revenue, remains open to visitors, with ticketing and public areas largely unaffected.
