The cyberattack on the Uffizi should be a cause for concern for every museum in Europe.
A cyberattack on one of Italy's most esteemed cultural institutions highlights a sector skilled in physical security but neglectful of digital protections. On the morning of February 1, 2026, staff at the Uffizi Galleries in Florence discovered their email accounts were suspended, their internal servers inaccessible, and the operational infrastructure of this renowned museum effectively shut down.
The malware infiltrated through a vulnerability associated with software handling low-resolution images on the museum’s website, a gap so minor that it had gone unnoticed. Within hours, the perpetrators navigated through the network linking the Uffizi, Palazzo Pitti, and the Boboli Gardens, accessing the photographic archive server and reportedly sending a ransom demand directly to the mobile phone of director Simone Verde, as noted by the Italian newspaper Corriere della Sera.
The Uffizi's official response was prompt and decisive: nothing was taken, no security systems were breached, and the incident was “nothing like the Louvre.” This comparison, aimed at providing reassurance, may in fact expose the precarious state of cultural security in Europe. The Uffizi cyberattack draws interest not for the damage done, but for what it has uncovered: a sector that has honed physical protection over centuries while inadvertently becoming digitally vulnerable.
The mention of the Louvre is particularly relevant. On October 19, 2025, thieves impersonating construction workers utilized a freight lift to access a second-floor balcony, cut through a window, and within eight minutes, stole eight pieces of the French Crown Jewels valued at roughly €88 million. A subsequent Senate investigation disclosed that only 39% of the museum’s rooms had CCTV coverage, one external camera was misaligned, and the surveillance system's password was simply “Louvre.” Director Laurence des Cars eventually resigned in February 2026, and the jewels remain missing.
Thus, the Uffizi had legitimate reasons to make this distinction. Its incident was digital rather than physical: no masked intruders, no cherry pickers, no broken display cases. The museum remained operational, with ticket sales and visitor areas unaffected. The Uffizi stated that the only disruption was related to backup restoration time.
However, while this distinction is technically correct, it obscures a more unsettling reality. The Louvre theft was a traditional crime exploiting a physical vulnerability: a poorly secured window. In contrast, the situation at the Uffizi fits a different mold altogether, wherein the threat is obscured, the perimeter is limitless, and the full extent of the damage may remain unclear for months.
The disparity between the details reported by Corriere della Sera and the Uffizi's assertions remains notably wide. The newspaper detailed a protracted breach in which attackers accessed the entire museum network, extracted access codes, internal maps, and CCTV camera locations, took control of the photographic server, and sent a ransom demand along with a threat to auction the compromised data on the dark web.
The Uffizi countered this by asserting that its physical security systems operate on closed internal networks that are not accessible externally. It claimed no passwords were taken and emphasized that the locations of cameras in a public museum are easily visible to visitors, making their “discovery” unremarkable. It also asserted that the photographic archive had a complete backup.
What remains unquestioned is that malware did infiltrate the administrative systems in late January and early February, that staff email was disrupted, that Italian authorities initiated an investigation into attempted extortion and unauthorized computer access, and that technical assessments have associated the incident with BabLock, a ransomware variant also known as Rorschach, which had previously been linked to an attack on La Sapienza University of Rome.
The Uffizi also confirmed actions taken to move Medici-era treasures to the Bank of Italy and to seal certain doorways with bricks and mortar, although they attributed these measures to planned renovations and fire safety requirements. They explained that replacing analogue surveillance cameras with digital ones had been recommended by police in 2024 and expedited following the Louvre robbery. While these explanations are reasonable, the coincidence in timing raises questions.
The significance of the Uffizi incident lies not in its severity but in its typicality. Cultural institutions across Europe and North America have increasingly faced cyberattacks, revealing a sector that is fundamentally unprepared for such threats.
In October 2023, the ransomware group Rhysida attacked the British Library, resulting in the leak of over 600 gigabytes of stolen data after the library refused to pay, with recovery costs estimated at £6 to £7 million. A late 2023 attack on Gallery Systems, a software provider for major American museums, caused wide disruptions across its entire client base.
In 2022, the Metropolitan Opera in New York experienced a cyberattack that incapacitated its website, box office, and call center. In 2020, Hackney Museum in London was affected by a broader attack on its borough council, which its project curator later described as a “
