Search

Uffizi Says February Cyberattack Did Not Result in Data Theft or Loss

Cyber threats and incidents
By Evan Rowe

Related

Founders, Analysts & Industry Voices

CISOs to Watch in California County and City Level Government

California’s county and city governments operate some of the...
Read more
Founders, Analysts & Industry Voices

CISOs to Watch in California State Government

California state government depends on cybersecurity leaders who can...
Read more
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch in California Community College

California’s community college districts serve large and varied populations...
Read more
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch in California Universities

California’s university sector depends on cybersecurity leaders who can...
Read more
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch in California’s High-Tech Manufacturing Industry

California’s high-tech manufacturing sector sits at the intersection of...
Read more

Share

What happened

The Uffizi Galleries said a cyberattack on Feb. 1 did not result in stolen data, lost information, or compromise of sensitive security materials. The museum issued the statement after reports claimed the incident had emptied servers, exposed security maps, infiltrated employees’ phones, and triggered an emergency transfer of valuable jewels to the Bank of Italy. The Uffizi said none of those claims were accurate. It said nothing was stolen, no information was lost, and a full backup of the photo server existed. The museum also said the only disruption was the time needed to restore backups. In addition, it said the removal of valuables from part of the Palazzo Pitti was tied to renovation work planned last autumn, not to the cyberattack. 

Who is affected

The direct impact fell on the Uffizi Galleries and related museum infrastructure, including the photographic server referenced in the statement. The museum said the attack did not lead to loss of information or theft of data and denied that security maps or employees’ phones had been compromised. 

Why CISOs should care

This incident matters because it shows how quickly a cyberattack can generate broader claims about operational, physical, and data security consequences before verified facts are established. It also highlights the value of having backups in place and being able to distinguish actual technical disruption from unconfirmed reports about wider compromise. 

3 practical actions

  1. Verify backup recovery under pressure: Ensure backup restoration processes can support fast recovery and clear internal reporting when cyber incidents disrupt core systems. 
  2. Separate verified impact from public claims: Build incident communications processes that quickly distinguish confirmed facts from broader external reports about theft, surveillance exposure, or operational fallout. 
  3. Coordinate cyber and physical security messaging: Make sure security teams can explain when physical asset movements or facility changes are unrelated to a cyber incident, especially in high-profile environments. 

For more news about disruptive intrusions affecting institutions and operations, click Cyberattack to read more.

Previous article
Hackers Can Hijack AI Agents Through Malicious Web Content
Next article
Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates
Founders, Analysts & Industry Voices

CISOs to Watch in California County and City Level Government

California’s county and city governments operate some of the...
Founders, Analysts & Industry Voices

CISOs to Watch in California State Government

California state government depends on cybersecurity leaders who can...

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.