Uffizi Galleries Confirms Cyber-Attack, Denies Security Breach

Severity: Low (Score: 36.9)

Sources: En.Ilsole24Ore, Surinametimes

Summary

The Uffizi Galleries in Florence confirmed a cyber-attack occurred between late January and early February 2026, affecting its IT systems but denying any damage or theft of artworks. Hackers reportedly accessed sensitive security data, including access codes and internal maps, and issued a ransom demand to museum director Simone Verde's personal phone. However, the Uffizi stated that its security systems are closed-circuit and not accessible from the outside, asserting that no passwords were stolen. The attack also impacted the Palazzo Pitti and Boboli Gardens, leading to heightened security measures. The museum is currently cooperating with prosecutors and the National Cybersecurity Agency to investigate the incident. The Uffizi emphasized that the situation is not comparable to the Louvre's recent security failures, as upgrades to their surveillance systems were already in progress. Key Points: • Uffizi Galleries confirmed a cyber-attack but reported no theft or damage. • Hackers accessed sensitive data and issued a ransom demand to the museum director. • The museum's security systems are closed-circuit, preventing external access.

Key Entities

• Data Breach (attack_type)
• Ransomware (attack_type)
• Boboli Gardens (company)
• Gallerie Degli Uffizi (company)
• Palazzo Pitti (company)
• Uffizi Galleries (company)
• Italy (country)
• T1567 - Exfiltration Over Web Service (mitre_attack)