Administrative Systems Targeted While Visitor Services Continue as Normal
A weekend cyberattack on the Uffizi Gallery in Florence disrupted administrative servers and staff email systems but left ticketing, surveillance and visitor services operational, allowing the museum to remain open to the public.
Between Saturday, Jan. 31, and Sunday, Feb. 1, technicians at the Uffizi detected malware on internal back-office systems, forcing the shutdown of staff computers and the temporary suspension of work email accounts.
According to information from the local press, the intrusion affected administrative functions only. Visitor reception, ticketing, the museum’s main website and video surveillance systems were reportedly untouched, and the Uffizi opened on its normal schedule.
A formal complaint has been filed with Italy’s postal police, and forensic analysis is underway.
The attack highlights a growing cybersecurity risk for major cultural and academic institutions. In recent years, museums and universities across Europe and North America have faced ransomware attacks and data theft attempts, often exploiting outdated software, weak network segmentation and staff phishing, according to the Sophos State of Ransomware Education 2025 report.
The timing of the Uffizi breach coincided with a separate cyberattack at Sapienza University of Rome, prompting investigators to examine whether the two incidents are connected, according to local media reports.
Museum technicians activated containment and recovery procedures. Staff were instructed not to power on computers until cleared by IT personnel, to avoid remote connections to museum systems and to change email passwords as soon as possible.
Backups were brought online as teams began verifying the extent of the attack and restoring affected services. Museum spokespeople have not released technical details.
There are no reports of compromised digital collections or damage to public-facing systems, according to local press. Nevertheless, the disruption has slowed a number of internal activities. Human resources, procurement, internal communications and some administrative scheduling have been affected as staff work around the intrusion.
Officials caution that full administrative recovery could take several days as backups are reviewed and data integrity is confirmed.
The Uffizi’s priority during the incident was preserving visitor safety and maintaining front-of-house operations. Ticket desks and online ticketing continued to function, guided tours proceeded as planned and surveillance systems remained active, allowing the gallery to maintain normal opening hours (Tuesday to Sunday, 8:15 a.m. to 6:30 p.m., closed Mondays).
Standard ticket prices for the main collection remained unchanged, and audio guides and visitor information services continued to be available.
Italy’s postal police, which handles cybercrime, has been notified and is coordinating investigative efforts with the museum’s IT staff. Authorities aim to trace the point of entry, determine whether sensitive administrative data was accessed and assess whether the attack exploited known vulnerabilities in the museum’s systems.
If links to the Sapienza University incident are established, investigators will examine whether similar tactics were used, such as phishing, credential stuffing or shared software vulnerabilities.
The incident underscores the growing vulnerability of cultural institutions that combine historic heritage with increasingly complex digital operations.
The Uffizi, a mid-16th-century Vasari palace built for the Medici family, houses masterpieces including Botticelli’s The Birth of Venus, Leonardo’s Annunciation, and works by Michelangelo and Caravaggio. The museum draws millions of visitors each year and relies heavily on digital systems for ticketing, collections management and communications.
Recent incidents at other museums and universities have shown how administrative outages can disrupt operations even when galleries remain physically open to the public.
Experts cited by Times Higher Education note that preventive measures such as regular software patching, stronger network segmentation, off-site encrypted backups, multi-factor authentication for staff accounts and ongoing cybersecurity training can significantly reduce the risk of attacks.
The Uffizi’s recovery process is expected to include a review of existing security measures and may prompt broader investment in IT protection across Italy’s cultural institutions, as has occurred following similar incidents in the past.
For visitors, the museum remains open and main services are functioning. For administrators and policymakers, the breach serves as a reminder that protecting priceless artworks today requires digital resilience as much as physical security.
Investigations and restoration work are expected to continue in the coming days. Museum authorities have indicated they will provide updates as systems are gradually brought back online.
Ph: Mlle Sonyah / Shutterstock.com
