Hackers steal data of 500,000 Christie's auction house customers and demand ransom

May 30, 2024  16:05

In early May, a cyberattack was carried out on the computer networks of the renowned London auction house Christie’s, claimed by the hacker group Ransomhub, according to Security Boulevard. The hackers are demanding a ransom, threatening to publish the data of approximately 500,000 Christie’s clients if their demands are not met.

A screenshot of the hackers' statement was posted on the social network X by security researcher Dominic Alvieri. It mentions that they attempted to negotiate with Christie’s for a “reasonable solution,” but the auction house “cut off communication halfway through.”

The perpetrators warned that publishing the confidential data of Christie’s clients would lead to “significant fines under GDPR” and damage the auction house’s reputation.

According to Ransomhub, they have stolen “confidential personal information” of at least 500,000 private Christie’s clients worldwide, including full names, gender, dates of birth, place of birth, and nationality. As evidence, the hackers released some sample data. The cybercriminals launched a countdown on their website, indicating their intention to publish the data in early June if Christie’s does not meet the ransom demand.

According to Bloomberg, due to the cyberattack, Christie’s was forced to shut down its website on May 9, a few days before an important spring auction in New York. As a result, the auction was held through an alternative website, and the main site was down for 10 days.

A Christie’s spokesperson acknowledged in an interview with the New York Times that a “limited amount of personal data of some clients” was stolen, noting that there is no evidence that financial or transactional data was compromised. The newspaper reminded that prior to the spring auction, Christie’s called the incident a “technological security issue,” downplaying the scale of the breach.

A Christie’s representative stated that the company is working with law enforcement on this matter and will notify affected clients shortly.

“Considering the high-profile clients Christie’s serves, it’s easy to see how much damage the publication of the data could cause them and Christie’s reputation,” noted Ray Kelly, a security expert from Synopsys Software Integrity Group.

Ani Chaudhuri, CEO of software developer Dasera, stated that this incident highlights the growing boldness and sophistication of cybercriminals. The high status of the auction house implies that its clients include wealthy individuals, for whom a personal data breach poses far-reaching consequences both personally and professionally.

“Paying the ransom only emboldens cybercriminals, encouraging them to carry out more attacks,” Chaudhuri said. “There is no guarantee that paying the ransom will lead to the safe return of the data.” 

  • Archive