A Ransomware Group Says It Was Behind the Christie’s Cyberattack

Earlier in May, Christie’s was the victim of a cyberattack. And now it seems like the perpetrators are coming forward.

RansomHub, a hacker group, owned up to the attack on Monday, Bloomberg reported. The entity took responsibility for the hacking of the auction house via the dark web, in a post saying that it had accessed clients’ personal data, including names, birth dates, and nationalities. RansomHub posted a sample of that information, with a countdown clock hinting that it would release all of the data early next month.

More from Robb Report

“Our investigations determined there was unauthorized access by a third party to parts of Christie’s network,” a spokesperson for the auction house told Bloomberg in a statement. “They also determined that the group behind the incident took some limited amount of personal data relating to some of our clients. There is no evidence that any financial or transactional records were compromised.” (Bloomberg could not verify RansomHub’s claims or the veracity of the information that the group published.)

The cyberattack caused Christie’s to shut down its website on May 9, and it remained down for about 10 days, Bloomberg noted. While some auctions were able to proceed as planned, including the house’s major art sales in New York, others were postponed: The Geneva Rare Watches auction, for example, was pushed back a day because of the attack.

This isn’t the first time security questions have come into play at Christie’s. The auctioneer, which last year brought in $6.2 billion in global sales, had an online security flaw that was discovered in 2023. In that instance, people were able to see the GPS coordinates of photos uploaded to the Christie’s website, potentially revealing the location of artworks that the house was assessing for sale.

That same issue could be at play here: “The biggest concern in this case may be the possibility of the location of very expensive artworks being posted online,” the threat researcher Brett Callow told Bloomberg in an email.

While it’s unclear exactly how much data RansomHub was able to uncover in its attack, and what that data may contain, Christie’s said that it’s working to alert affected clients, as well as government agencies and privacy regulators. And with the website back up and running, it seems like it’s otherwise business as usual for the auction house.

Sign up for Robb Report's Newsletter. For the latest news, follow us on Facebook, Twitter, and Instagram.

Click here to read the full article.