Uffizi Galleries Confirm Cyber-Attack
The Uffizi Galleries in Florence have acknowledged experiencing a cyber-attack but firmly denied that the security systems protecting their renowned artworks were compromised.
The institution emphasized that no damage or theft occurred despite reports that hackers infiltrated the museum's IT infrastructure and accessed sensitive security information.
According to the Italian newspaper Corriere della Sera, hackers penetrated the museum's IT systems, allegedly extracting access codes, internal maps, and the locations of CCTV cameras and alarms before issuing a ransom demand.
However, the Uffizi Galleries disputed this narrative, asserting that their security systems were inaccessible from external sources.
"No passwords were stolen - none whatsoever - because the security systems are entirely internal and closed-circuit,"the museum stated, adding that employees' phones were also not compromised by the attack.
The attackers reportedly navigated interconnected systems, including computers and phones, gradually assembling a detailed understanding of the museum's operations, as reported by Corriere.
A ransom demand was subsequently sent to museum director Simone Verde's personal phone, accompanied by a threat to sell the data on the dark web.
Significance of the Uffizi and Related Sites
The Uffizi houses some of Italy's most celebrated artworks, including Botticelli's Birth of Venus and Primavera.
Corriere reported that the cyber-attack occurred between late January and early February, affecting not only the Uffizi but also its separate sites at Palazzo Pitti and the Boboli Gardens.
Since the high-profile daylight robbery at the Louvre Museum in Paris in October, where priceless historic treasures were stolen amid reportedly weak and outdated CCTV systems, major museums worldwide have been reassessing their security protocols.
The Uffizi indicated that ongoing security upgrades had been accelerated both before and after the cyber-attack.
"Its situation was 'nothing like the Louvre',"the museum stressed, noting that analogue cameras had been replaced with digital ones following police recommendations in 2024.
Responding to claims that hackers identified the locations of surveillance cameras and sensors, the Uffizi stated there was
"no evidence whatsoever that the hackers possessed any maps of the security systems."
They added that the locations of cameras were visible to anyone walking through the museum, as is typical in public spaces, so it was unsurprising that their positions were known.
Security Measures and Impact on Palazzo Pitti
Two floors of the Palazzo Pitti, historically the summer residence of the Medici family, normally house the "Medici Treasure." Corriere claimed the hack resulted in parts of the palace being closed since 3 February and valuable items being temporarily moved to a vault at the Bank of Italy for safekeeping.
The museum did not deny that treasures were relocated to a bank vault but maintained that this was part of planned renovation work.
According to Corriere, some doors and emergency exits at the palace had been sealed with bricks and mortar, and staff were instructed not to discuss the incident publicly.
The Uffizi attributed the bricked-up doors partly to fire safety measures.
"For decades, there had been no fire safety certification,"the museum pointed out, adding that it had submitted a safety notice to the fire brigade just two days prior.
Other sealed doors were explained as measures to
"prevent excessive permeability of the historic building's spaces - structures dating back to the 1500s - considering their changed functions and the evolving international context."
Digital Archive and Museum Operations
The Uffizi also responded to allegations that hackers had stolen the museum's entire digital photographic archive, a decades-long record of artworks and documents.
The museum insisted that its photographic server remained intact due to a backup system.
While acknowledging that the server had been taken offline, the Uffizi explained this was necessary to restore the backup, which has now been completed without any data loss.
Despite the controversy, the Uffizi, Italy's second-most visited museum after the Vatican, which generates approximately €60 million (£52 million; $69 million) in annual revenue, remains open to visitors, with ticketing and public areas largely unaffected.
