Data Breach News

RansomHub Claims Cyberattack On Christie’s Auction House

However, Christie's CEO Guillaume Cerutti says there's no evidence that transactional or financial data had been compromised in the breach

by Alan J May 28th, 2024

Share on LinkedInShare on Twitter

The notorious ransomware gang RansomHub has claimed responsibility for a recent cyberattack on Christie’s auction house, disrupting its website just days before its marquee spring sales and leaking data to back up its claims.

The group posted a message on its dark web leak site claiming to have gained access to compromised information about the world’s wealthiest art collectors. Christie’s officials downplayed the seriousness of the breach, however, and said that no financial or transactional data was compromised in the attack.

RansomHub Claims Cyberattack on Christie’s Auction House

The attack, which occurred two weeks ago, had brought down Christie’s official website, forcing the auction firm to switch to methods such as an alternative domain to reach potential buyers and sellers ahead of its highly anticipated spring sales after the company announced it would proceed with the sales despite setbacks.

The sales were scheduled to occur at multiple locations such as New York and Geneva, and estimated to fetch 850 million dollars from buyers.

The RansomHub ransomware gang has now claimed responsibility for the attack on its leak site, stating that it had compromised about 2GB of data from the the auction giant during the initial network compromise.

The details were said to include BirthPlace, MRZFull, DocumentNumber, BirthDate, ExpiryDate, FirstName, LastName, IssueDate, IssuingAuthority, DocumentCategory, DocumentType and NationalityName.

Source: (@AlvieriD)

The threat actor group said they had attempted to come to a “reasonable solution,” but that Christie’s had ceased communications midway and failed to pay the demanded ransom. The threat group shared an alleged sample of the stolen data.

Source: (@AlvieriD)

The hackers warned that Christie’s would face heavy fines under the EU’s General Data Protection Regulation (GDPR) and face reputation damage among its clients. The General Data Protection Regulation (GDPR) mandates that EU companies disclose security incidents that compromise client data, with non-compliance potentially leading to fines up to $22 million.

Cybersecurity experts describe RansomHub as a powerful ransomware group with possible ties to ALPHV, a network of Russian-speaking extortionists.

Christie’s Auction House Downplays Data Leak

Christie’s acknowledged the cyberattack on Christie’s Auction House and unauthorized access, with spokesman Edward Lewine stating that the auction house is investigating the incident. The preliminary findings indicate that the hackers obtained a limited amount of personal client data but stopped short of compromising financial or transactional records.

Christie CEO Guillaume Cerutti also stated in a recent interview with CNBC that there was no evidence that any transaction or financial data has been impacted or leaked in the incident.

The company appeared to downplay the impact of the incident earlier, describing it as a “technology security incident.” However, employees privately reported a sense of panic, with limited information shared about the breach by top leaders.

Several prominent buyers and sellers also indicated to the New York Times that they were in the dark about the impact, and were not alerted to the hack until a reporter had reached out to them.

Lewine stated that the auction house was now in the process of notifying privacy regulators and government agencies, and would also be notifying affected clients shortly. Despite the attack, the spring sales concluded with $528 million in revenue, suggesting the incident did not significantly deter bidding activities. Following the sales, Christie’s regained control of its website.


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button