One of the world’s most famous cultural institutions, Florence’s Uffizi Galleries, has confirmed that it fell victim to a cyber intrusion earlier this year, but has pushed back firmly against widespread reports that core security infrastructure protecting its iconic art collection was breached. The conflicting accounts of the incident, first reported by leading Italian newspaper Corriere della Sera, have sparked debate about digital security risks facing major global cultural heritage sites.
According to Corriere della Sera’s reporting, hackers gained unauthorized access to the museum’s interconnected IT networks between late January and early February 2026, later confirming the attack specifically took place on February 1. The outlet claimed the intruders moved through connected workstations, office computers and staff mobile devices to gradually compile sensitive data: including internal facility maps, access codes, and the exact placement of CCTV cameras and alarm systems. The report added that after extracting the data, the attackers sent a ransom demand directly to Uffizi director Simone Verde’s personal mobile phone, threatening to auction the stolen information on the dark web if their demands were not met. The attack was also said to have expanded beyond the main Uffizi site to hit two affiliated Florence landmarks: the Palazzo Pitti former Medici royal residence and the adjacent Boboli Gardens.
Corriere della Sera further claimed that in response to the hack, Palazzo Pitti’s Medici Treasure exhibition galleries were closed starting February 3, and the valuable historic collection held there was secretly moved to a secure vault at the Bank of Italy for protection. The report also alleged that several doors and emergency exits at the palace were bricked up, and staff were ordered not to discuss the incident with external parties.
In an official statement addressing the reporting, the Uffizi leadership has pushed back against most of the outlet’s key claims, while acknowledging that a cyber attack did occur. Museum officials stressed that the physical security systems protecting the gallery’s world-famous artworks—including masterpieces like Botticelli’s *The Birth of Venus* and *Primavera*—were never put at risk. Unlike interconnected office IT networks, the museum’s security systems operate on a fully closed, internal network that cannot be accessed from external actors, the Uffizi explained.
The institution also addressed specific claims one by one: it noted that any member of the public visiting the gallery can easily observe the location of security cameras, as is standard for all public spaces, so there is no risk in this information being known. It added that no passwords were stolen at any point, because the closed-circuit security system does not require external password access, and no staff personal devices were compromised by the intrusion. In response to claims that the hackers stole the Uffizi’s entire decades-long digital photographic archive of artworks and historical documents, museum officials confirmed that the main server was temporarily taken offline, but this was a precautionary step to restore from a pre-existing full backup. The restoration process is now complete, and no data was lost, the statement confirmed.
Regarding the reported closure of Palazzo Pitti galleries and the transfer of the Medici Treasure to the Bank of Italy, the Uffizi did not deny the move, but clarified it was part of pre-planned renovation work, not a response to the cyber attack. On the subject of bricked-up doors and exits, the museum explained the work is tied to long-overdue fire safety upgrades and structural preservation for the 16th-century historic building, which had lacked official fire safety certification for decades. Just two days before the Uffizi’s statement, the institution submitted its full safety documentation to Italian fire brigade authorities, officials added.
The incident comes at a time when major international museums are re-evaluating their physical and digital security protocols, in the wake of a high-profile daylight robbery at Paris’ Louvre Museum in late 2025. During that incident, a masked gang exploited the Louvre’s outdated, poorly functioning CCTV system to steal priceless artifacts, prompting widespread security reviews across top cultural institutions globally. The Uffizi noted that it had already been upgrading its security infrastructure before the cyber attack, including replacing all outdated analog cameras with modern digital systems following 2024 police recommendations, a process that has only been accelerated after the February intrusion. It also emphasized that its security posture is nothing like the Louvre’s pre-robbery infrastructure.
Despite the cyber incident and ongoing public controversy around its details, the Uffizi—Italy’s second most visited museum after the Vatican Museums, which generates approximately €60 million in annual visitor revenue—remains fully open to the public. Ticketing operations and all public visitor areas have remained largely unaffected by the incident.