News Hub

Auction house Christie’s victim of data breach after ransomware attack

Written by Thu 30 May 2024

Techerati News Image

In early May, the website for major auction house Christie’s went offline after what it described as a “technology security incident.” The attack happened as Christie’s started to sell items worth an estimated $840 million and led to buyers being unable to view lots on the website. However, bids were still able to be placed either on the phone or in-person.

A relatively new group of cybercriminals called RansomHub have claimed to be behind the attack, with 2GBs worth of data allegedly from the auction house being threatened to be made public, unless a ransom is paid.

Christie’s CEO, Guillaume Cerutti, posted a statement on LinkedIn after the claims from RansomHub, saying: “Our subsequent investigation has determined there was unauthorised access by a third party to parts of Christie’s network. The investigation also identified that the group behind the incident took some data from the Christie’s network, including a limited amount of personal data relating to some of our clients.”

While Cerutti says there is no evidence of any financial or transaction data about Christie’s or its clients being taken, RansomHub have said they have access to sensitive personal information about 500,000 Christie’s customers, including birthdates, full names and ID numbers.

RansomHub have given Christie’s a week deadline to pay a random, or all information will be posted online, leaving the auction house facing potentially large fines from GDPR breaches and a damaged reputation. Christie’s have also said they are complying with all regulations and will make appropriate notifications to privacy regulators.

Due to its high-profile and wealthy client base, many private individuals use Christie’s as they offer the ability for buyers and sellers to remain anonymous. If personal details from billionaire clients are released, it would clearly be a major problem for Christie’s.

Written by Thu 30 May 2024


cybercrime hacking news security
Send us a correction Send us a news tip