An alleged hacker attack on the computer systems of the Uffizi Galleries and its possible consequences for the security of the museum complex are at the center of a divergence between what Corriere della Sera reported in an article published this morning and the official version provided by the museum’s management through a clarification note.
According to reports in Corriere della Sera, between late January and early February a group of hackers managed to breach the computer network of the Uffizi Galleries, which includes the main museum, Pitti Palace and the Boboli Gardens. The version initially circulated, as the newspaper writes, spoke of administrative systems being affected, but the paper claims that the intrusion was reportedly more far-reaching, with access to servers and data being stolen. Among the materials allegedly stolen would be thePhotographic Cabinet archive, which contains digitizations of works and documents accumulated over decades.
Official communications released by the Uffizi Galleries, on the other hand, claim that no theft took place. In the note, the museum also specifies that the photo server was not stolen and that the data backup is complete.
The Milan newspaper’s investigation also claims that hackers managed to enter the museum’s technical office systems, getting their hands on access codes, passwords, alarm systems, internal maps, entrances, exits and service routes. According to this reconstruction, the intruders would also know the location of surveillance cameras and sensors, information that, if used, would theoretically allow them to move within the facilities with detailed knowledge of the control systems.
The Uffizi management disputes this passage as well. The official note states that no passwords were stolen and that the security systems operate on closed internal circuits, not accessible from the outside. The museum also adds that there is no evidence to show that the hackers possessed maps related to the security systems.
According to Corriere della Sera, the perpetrators of the intrusion also allegedly sent a ransom demand. The newspaper reports that the demand was allegedly delivered directly to the personal phone of the director of the Uffizi Galleries, Simone Verde, and that the hackers threatened to sell on the dark web the information stolen from the museum’s servers if payment was not made. The cyber attack was taken seriously by prosecutors and the postal police, with the involvement of the National Cybersecurity Agency, headed by Prefect Bruno Frattasi.
The memo released by the Uffizi Galleries does not go into detail about any ransom demands, but it specifies that no employee phones would have been infiltrated and that staff personal devices do not appear to have been compromised.
The article published this morning also speculates that the breach of computer systems was made possible by a flaw in a program that manages the flow of low-resolution images accessible from the museum’s institutional website. From that access point, according to sources cited by the newspaper, hackers were able to move within the computer network connected to the museum’s servers, which would include computers, phones and other devices.
The Galleries’ management attributes the slowdowns recorded in the following weeks to the technical operations required to restore the computer system through backups. The note states that the days of paralysis of administrative activities were related solely to the time needed to recover data. Therefore, no information was lost.
The Corriere della Sera article also links a number of measures taken in recent months to possible security actions following the attack. These include the closure of an entire section of the Pitti Palace since Feb. 3, referred to as “extraordinary maintenance,” and the “hurried” transfer of the most precious jewels of the Grand Dukes’ Treasury to the vault of the Bank of Italy.
The museum management provides a different explanation regarding the Medici Treasure. According to the official note, the closure of the area is related to the renovation of the entire museum of Pitti Palace, the tender for which was launched in September. The transfer of the most valuable objects was reportedly planned as early as the fall, with contacts made between the Uffizi Galleries and the Bank of Italy.
The Milanese newspaper also cites the walling up of some doors and emergency exits inside the museum complex as part of the measures taken after the computer intrusion. The article adds that employees would be instructed not to speak publicly about the situation.
On this point, the Uffizi management makes it clear that part of the interventions is related to the adaptation of the fire-fighting plan. The note recalls that anScia, a certified report of the start of activities, has been filed with the fire department, described as an important step after decades of the absence of fire certification for the museum complex. Other interventions, the institution adds, have been carried out to reduce the permeability of spaces in historic buildings dating back to the 16th century, which have been adapted over time to museum functions.
The Corriere della Sera article also suggests that the hackers might have detailed knowledge of the museum’s organizational and technical structure, assuming a prolonged period of residence within the computer systems before the intrusion was discovered.
The Uffizi management does not confirm this reconstruction and stresses that there is no evidence of access to security infrastructure or staff devices. The note also adds that the location of the surveillance cameras does not represent confidential information, since the devices are visible to anyone inside the museum premises.
The museum also intervenes on the issue of the video surveillance system mentioned in the article. According to the management, the cameras had been under a replacement program for some time. The previous analog devices would be gradually replaced with digital systems after a police report in 2024. The process, the note says, was also accelerated in light of recent incidents at the Louvre.
Finally, the retort from the Uffizi Galleries management also concerns the way in which the newspaper allegedly gathered the information. Only later would it emerge that it was a journalist and that two articles on the alleged security problems following the February 1 hacker attack had already been paginated and sent to press. The piece published this morning also states that the director of the Uffizi, “contacted,” would “prefer not to comment.”
 |
| Hackers at the Uffizi? Courier speaks of stolen data, museum denies |
The author of this article: Noemi Capoccia
Originaria di Lecce, classe 1995, ha conseguito la laurea presso l'Accademia di Belle Arti di Carrara nel 2021. Le sue passioni sono l'arte antica e l'archeologia. Dal 2024 lavora in Finestre sull'Arte.Warning: the translation into English of the original Italian article was created using automatic tools. We undertake to review all articles, but we do not guarantee the total absence of inaccuracies in the translation due to the program. You can find the original by clicking on the ITA button. If you find any mistake,please contact us.
IT
FR
DE
ES
CN