Overview
- Florence prosecutors opened a case on February 2nd for attempted extortion and unlawful access after a late‑January to early‑February breach of the Polo Museale Fiorentino network that includes the Uffizi, Palazzo Pitti, and the Boboli Gardens.
- As of Sunday, investigators say no stolen museum files have surfaced on dark‑web leak sites despite a €300,000 crypto ransom sent to director Simone Verde’s phone with threats to publish data.
- Technical leads under review point to roughly 20 compromised machines and a likely entry through an outdated tool on the public site used to manage low‑resolution image downloads.
- Attribution remains unconfirmed as police and the national cybersecurity agency examine links to Eastern Europe–based actors, with the name MedusaLocker circulating among leads.
- Museum leaders say no artworks or passwords were taken and backups are intact, and they describe closed rooms, bricked doors, and the transfer of the Medici treasures to the Bank of Italy vault as renovation and fire‑safety work while forensic teams secure systems.