The Uffizi Galleries in Florence have confirmed they were subject to a cyber-attack – but denied that the security systems protecting their famous works had been compromised.

The Uffizi stressed that nothing had been either damaged or stolen, after hackers were reported to have infiltrated the museum’s IT systems and accessed sensitive security data.

Italian newspaper Corriere della Sera reported that hackers had infiltrated the museums’ IT systems, allegedly extracting access codes, internal maps and the locations of CCTV cameras and alarms, before issuing a ransom demand.

But the Uffizi contested this account, saying its security systems were inaccessible from the outside.

The attackers appeared to have moved through interconnected systems, computers and phones, gradually piecing together a detailed picture of the museum’s operations, Corriere reported.

A ransom demand was later sent to museum director Simone Verde’s personal phone, the newspaper said, with a threat to sell the data on the dark web.

The Uffizi is home to some of Italy’s most celebrated artworks, such as Botticelli’s Birth of Venus and Primavera.

Corriere said the cyber-attack occurred between late January and early February, affecting not only the Uffizi but also its separate sites at Palazzo Pitti and the Boboli Gardens. The museum later clarified the hack had taken place on 1 February.

Ever since the Louvre museum in Paris was raided in broad daylight in October and priceless historic treasures stolen, with the masked gang seemingly able to take advantage of its weak and aging CCTV system, all major museums have had to reassess their security.

The Uffizi said work that was already under way had been accelerated “both before and after the cyber-attack”.

Its situation was “nothing like the Louvre”, it stressed, with analogue cameras replaced with digital ones, following recommendations made by the police in 2024.

Responding to claims that the hackers had found out the location of surveillance cameras and sensors, it said there was “no evidence whatsoever that the hackers possessed any maps of the security systems”.

Anyone walking through the museum could see were the cameras were, as was the case with any public space, it said, so there was little surprise that their location had been found out.

“No passwords were stolen – none whatsoever – because the security systems are entirely internal and closed-circuit,” it said, adding that employees’ phones had also not been compromised by the hack.

Two floors of the Palazzo Pitti normally house the “Medici Treasure”, so-called because the powerful Renaissance banking family spent their summers there, and Corriere claimed the hack had led to parts of the palace being closed since 3 February and valuable items being temporarily transferred to a vault of the Bank of Italy for safekeeping.

The museum did not deny that the treasures had been taken to a bank vault but insisted the move was part of planned renovation work.

Some doors and emergency exits at the palace had been sealed with bricks and mortar, and staff instructed not to speak publicly about the incident, according to Corriere.

However, the Uffizi attributed the bricked-up doors in part to fire-safety measures.

For decades, there had been no fire safety certification, it pointed out, and only two days ago it had submitted a safety notice to the fire brigade.

Other doors were sealed, it added, “to prevent excessive permeability of the historic building’s spaces – structures dating back to the 1500s – considering their changed functions and the evolving international context”.

It also reacted to claims that the intruders had stolen the Uffizi’s entire digital photographic archive – a decades-long record of artworks and documents – insisting that its photographic server was intact because a back-up was in place.

Although it appeared to acknowledge the server had been taken down, it said that was necessary for the backup to be restored. That was now complete and no data had been lost, it said.

Despite the controversy, the Uffizi, Italy’s second-most visited museum after the Vatican, generating around €60m (£52m; $69m) in annual revenue, remains open to visitors, with ticketing and public areas largely unaffected.