The Uffizi Galleries in Florence have confirmed they were subject to a cyber-attack - but denied that the security systems protecting their famous works had been compromised. The Uffizi stressed that nothing had been either damaged or stolen, after hackers were reported to have infiltrated the museum's IT systems and accessed sensitive security data.
Italian newspaper Corriere della Sera reported that hackers had infiltrated the museums' IT systems, allegedly extracting access codes, internal maps, and the locations of CCTV cameras and alarms, before issuing a ransom demand. But the Uffizi contested this account, saying its security systems were inaccessible from the outside.
The attackers appeared to have moved through interconnected systems, computers, and phones, gradually piecing together a detailed picture of the museum's operations, Corriere reported. A ransom demand was later sent to museum director Simone Verde's personal phone, the newspaper said, with a threat to sell the data on the dark web.
The Uffizi is home to some of Italy's most celebrated artworks, such as Botticelli's Birth of Venus and Primavera. Corriere said the cyber-attack occurred between late January and early February, affecting not only the Uffizi but also its separate sites at Palazzo Pitti and the Boboli Gardens. The museum later clarified the hack had taken place on 1 February.
Ever since the Louvre museum in Paris was raided in broad daylight in October and priceless historic treasures stolen, with the masked gang seemingly able to take advantage of its weak and aging CCTV system, all major museums have had to reassess their security. The Uffizi said work that was already underway had been accelerated 'both before and after the cyber-attack'.
Its situation was 'nothing like the Louvre,' it stressed, with analogue cameras replaced with digital ones, following recommendations made by the police in 2024. Responding to claims that the hackers had found out the location of surveillance cameras and sensors, it said there was 'no evidence whatsoever that the hackers possessed any maps of the security systems'.
Anyone walking through the museum could see the cameras were located, as was the case with any public space, so there was little surprise that their location had been found out. 'No passwords were stolen - none whatsoever - because the security systems are entirely internal and closed-circuit,' it said, adding that employees' phones had also not been compromised by the hack.
Despite the controversy, the Uffizi, Italy's second-most visited museum after the Vatican, generating around €60m (£52m; $69m) in annual revenue, remains open to visitors, with ticketing and public areas largely unaffected.
Italian newspaper Corriere della Sera reported that hackers had infiltrated the museums' IT systems, allegedly extracting access codes, internal maps, and the locations of CCTV cameras and alarms, before issuing a ransom demand. But the Uffizi contested this account, saying its security systems were inaccessible from the outside.
The attackers appeared to have moved through interconnected systems, computers, and phones, gradually piecing together a detailed picture of the museum's operations, Corriere reported. A ransom demand was later sent to museum director Simone Verde's personal phone, the newspaper said, with a threat to sell the data on the dark web.
The Uffizi is home to some of Italy's most celebrated artworks, such as Botticelli's Birth of Venus and Primavera. Corriere said the cyber-attack occurred between late January and early February, affecting not only the Uffizi but also its separate sites at Palazzo Pitti and the Boboli Gardens. The museum later clarified the hack had taken place on 1 February.
Ever since the Louvre museum in Paris was raided in broad daylight in October and priceless historic treasures stolen, with the masked gang seemingly able to take advantage of its weak and aging CCTV system, all major museums have had to reassess their security. The Uffizi said work that was already underway had been accelerated 'both before and after the cyber-attack'.
Its situation was 'nothing like the Louvre,' it stressed, with analogue cameras replaced with digital ones, following recommendations made by the police in 2024. Responding to claims that the hackers had found out the location of surveillance cameras and sensors, it said there was 'no evidence whatsoever that the hackers possessed any maps of the security systems'.
Anyone walking through the museum could see the cameras were located, as was the case with any public space, so there was little surprise that their location had been found out. 'No passwords were stolen - none whatsoever - because the security systems are entirely internal and closed-circuit,' it said, adding that employees' phones had also not been compromised by the hack.
Despite the controversy, the Uffizi, Italy's second-most visited museum after the Vatican, generating around €60m (£52m; $69m) in annual revenue, remains open to visitors, with ticketing and public areas largely unaffected.
