Uffizi Denies Hackers Had “Access Everywhere” After Reported Cyberattack
A cyber incident at Florence’s Uffizi Gallery has turned into a public dispute over what, exactly, was exposed. The museum says a recent report claiming hackers gained sweeping access to its systems — including sensitive security information — is false.
The controversy follows an April 3 story in the Italian daily Corriere della Sera, which alleged that attackers penetrated the museum complex’s IT network, demanded a ransom directly from Uffizi director Simone Verde, and threatened to sell stolen data on the dark web. The report further suggested that the breach triggered abrupt operational changes across the Gallerie degli Uffizi complex, which includes the Uffizi, the Pitti Palace, and the Boboli Gardens.
In a statement cited by Reuters several hours after the Italian newspaper’s report appeared, the museum confirmed it was targeted in a cyberattack on February 1. But it said no data was taken and that hackers did not obtain security maps of the museum or employees’ personal contact information.
Corriere della Sera pointed to a series of developments at the Pitti Palace as circumstantial evidence of a serious intrusion. Among them: the closure of a section of the palace beginning February 3, described as “until further notice,” and the rapid transfer of jewels from the Treasury of the Grand Dukes — decorative arts historically associated with the Medici family and housed at the Pitti Palace — to a vault at the Bank of Italy. The report also claimed staff were instructed not to discuss the situation.
The museum has rejected that framing, saying both the closure and the relocation of the jewels were tied to a planned renovation of the Pitti Palace that had been in preparation since last fall. A renovation plan was announced in July 2025, though the published details focused on first- and second-floor spaces, while the Treasury of the Grand Dukes occupies the ground floor and mezzanine — a discrepancy that helped fuel speculation.
The Italian newspaper’s account went further, alleging that the Uffizi’s servers were “wiped clean,” resulting in the loss of an archive of photographs and documents. It also raised the most alarming possibility for any major museum: that attackers extracted information about entry codes, passwords, alarm systems, and even the precise locations of surveillance cameras and sensors.
According to the report, the breach may have begun through outdated software used to manage low-resolution images on the museum’s website. The Uffizi has downplayed the scope of what was compromised, denying that security information or maps were accessed and stating that it maintains a full backup of the photo server involved.
The museum remains open to visitors. Its galleries continue to display works by Italian masters including Raphael, Caravaggio, Artemisia Gentileschi, Titian, Leonardo, and Sandro Botticelli — a reminder that, even as museums modernize their buildings and digital infrastructure, their public-facing mission rarely pauses.
The episode arrives amid heightened attention to museum security, where digital vulnerabilities increasingly sit alongside physical risks. For institutions stewarding globally significant collections, the question is no longer whether they will be targeted, but how transparently and effectively they can communicate what happened when they are.
