Hackers from RansomHub claimed responsibility for breaching Christie’s website, allegedly accessing data on 500,000 clients.
RansomHub, a well-known group of cyber-extortionists responsible for the Change Healthcare hack in February, has claimed responsibility for hacking Christie’s website.
This attack happened just as the prestigious auction house prepared for its major sale in New York. The hack forced Christie’s to shut down its website for ten days during a critical sales week, greatly disrupting its operations.
Christie’s Hacked in the Wake of Season
A source on Twitter @DarkWebInformer revealed RansomHub’s message on the dark web, saying that they have accessed sensitive information on more than 500,000 of Christie’s private clients.
🚨🚨🚨🚨
🚨#Ransomware🚨Allegedly, #RansomHub has named a new victim.#DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Malware #Privacy #Infosec
Country: #UK🇬🇧
Threat Actor: RansomHub
Company: Christies Auction House
Industry: Auctions
Revenue: $6 Billion+
Data… pic.twitter.com/gmudRbWPaD— Dark Web Informer (@DarkWebInformer) May 27, 2024
RansomHub’s message on the dark web contained a sample of the compromised data, which included names, nationalities, and birth dates. The group claimed they tried negotiating with Christie’s to solve the issue peacefully, but the auction house abruptly cut off communication.
The hackers warned that failing to reach an agreement could lead to severe consequences, including heavy fines under the European General Data Protection Regulation (GDPR) and damage to Christie’s reputation.
The timing of the hack was especially bad for Christie’s, as the auction house was getting ready for its most important sales of the season. With their main website offline, there were fears that the attack would disrupt the anticipated sales events.
However, Christie’s adapted by quickly setting up an alternative website and giving registered collectors a separate link to bid online. Despite these significant operational challenges, the auction house successfully conducted its New York sales, generating $114.7 million for the Rosa de la Cruz and 21st Century sales and $413 million during the 20th Century Evening sale.
Christie’s Response
Following the cyberattack, Christie’s quickly addressed the incident, calling it a “technology security issue.”
In their official statement, the auction house confirmed that the breach had affected several of their systems, including the website. They stressed their commitment to resolving the issue quickly and effectively, stating:
“We are taking all necessary steps to manage this matter, with the engagement of a team of additional technology experts. We will provide further updates to our clients as appropriate.”
To reduce the impact of the hack, Christie’s took several decisive actions:
- Website Shutdown: The primary website was shut down for ten days to prevent further unauthorized access and to conduct a thorough investigation.
- Alternative Site: During this period, Christie’s set up an alternative site to ensure that their major auction sales could continue.
- Collector Access: Registered collectors were given a separate link to bid online, keeping their important sales events continuity.
Furthermore, a Christie’s spokesperson told Bloomberg that Christie’s is currently notifying privacy regulators and government agencies in the process of communicating shortly with affected clients.
Are Richest Collectors Exposed?
The current status of data verification following the RansomHub hack is still unclear. While RansomHub claims to have accessed information on over 500,000 of Christie’s private clients, the authenticity and extent of this data breach are still being examined.
Cybersecurity expert Brett Callow from Emsisoft commented on the situation. Callow mentioned that while it seems “quite likely” that RansomHub was involved in the breach, it is uncertain if they obtained as much data as they claim.
One of the main concerns from this incident is the possible exposure of high-value art locations. If details about the locations of expensive artworks were compromised, it could create significant security risks. The release of such information could make these pieces targets for theft or other malicious activities. The art community is particularly worried about these risks, given the high stakes in protecting and selling valuable artworks.