Auction house Christie’s has confirmed suffering a data breach after a ransomware group on Monday threatened to leak information stolen from the company.
Christie’s website went offline earlier this month due to what the company described at the time as a “technology security incident”. The cyberattack was launched just as the auction house was attempting to sell high-value items worth an estimated $840 million.
While the incident prevented potential buyers from viewing the auctioned items on Christie’s site, people could still make bids and the event was considered a success.
It now appears that the incident was the result of an attack conducted as part of a relatively new ransomware operation named RansomHub.
The cybercrime group emerged in February 2024 and made headlines in recent weeks after it started leaking data allegedly stolen from healthcare transactions processor Change Healthcare.
RansomHub listed Christie’s on its Tor-based leak website — along with a few other organizations — on Monday.
The cybercriminals claim to have stolen 2 Gb of data from the auction house and are threatening to make it public in less than a week unless a ransom is paid.
The black hat hackers claim to have stolen “sensitive personal information” belonging to “at least 500,000 [of Christie’s] private clients from all over the world”.
A screenshot posted by the hackers suggests that they have obtained a database containing personal information such as name, date of birth, address, nationality, and data from identification documents such as passports.
“We attempted to come to a reasonable resolution with them but they ceased communication midway through,” the ransomware group said. “It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients and don’t care about their privacy.”
In a statement to SecurityWeek, Christie’s said the company experienced a technology security incident earlier this month and took swift action to protect its systems, which included taking its website offline.
“Our investigations determined there was unauthorized access by a third party to parts of Christie’s network. They also determined that the group behind the incident took some limited amount of personal data relating to some of our clients. There is no evidence that any financial or transactional records were compromised,” a Christie’s spokesperson said.
“Christie’s is currently notifying privacy regulators, government agencies as well as in the process of communicating shortly with affected clients,” the Christie’s spokesperson added.
Related: OmniVision Says Personal Information Stolen in Ransomware Attack
Related: Nissan Data Breach Impacts 53,000 Employees
Related: Personal Information Stolen in City of Wichita Ransomware Attack
