SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Christie’s Says Ransomware Attack Impacts 45,000 People

Auction house Christie’s says the data breach caused by the recent ransomware attack impacts the information of 45,000 individuals.
Christie's ransomware data breach

Auction house Christie’s has informed authorities that the data breach caused by a recent ransomware attack impacts the information of roughly 45,000 individuals.

According to information submitted by the company to the Maine Attorney General, the intrusion was discovered on May 9. An investigation showed that the attackers managed to steal some files containing personal information. 

Impacted individuals are being notified. The notification letter sample submitted by Christie’s to the Maine AG does not specify what type of data was compromised besides names, driver’s license numbers, and non-driver identification card numbers. 

Impacted individuals are being offered identity theft and fraud monitoring services for 12 months, which suggests sensitive personal information was stolen by the hackers. 

The RansomHub ransomware group has taken credit for the attack, claiming to have stolen information such as name, birth date, address, and data from identification documents. 

The hackers claimed to have stolen information belonging to at least 500,000 Christie’s clients from around the world, but it’s not uncommon for ransomware groups to exaggerate their claims.

Advertisement. Scroll to continue reading.

On their leak website, the cybercriminals claimed to have sold the data stolen from the auction house. However, Emsisoft threat analyst and ransomware expert Brett Callow has questioned their claims, saying that they likely don’t want to admit not being able to monetize the attack. 

Broadcom’s Symantec reported last week that its researchers had found evidence suggesting that the RansomHub ransomware-as-a-service is “very likely an updated and rebranded version of the older Knight ransomware”.

However, Symantec said it’s unlikely that the creators of Knight are also operating RansomHub, noting that the Knight source code was put up for sale in February 2024 after its developers decided to shut down the operation. 

Related: Snowflake Data Breach Impacts Ticketmaster, Other Organizations

Related: BBC Data Breach Impacts 25,000 Employees

Related: FBCS Data Breach Impact Grows to 3.2 Million Individuals

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: How Modern Breaches Bypass MFA and Evade Detection
June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.

Register

Webinar: Modern Exposure Validation in the AI Era
June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.

Register

People on the Move

Stephen Garcia has been named Chief Information Security Officer at BreachRx.

Kasper Lindgaard has been appointed Vice President of Security Strategy at CoreView.

Chaim Mazal has been named Chief Information Security Officer at GitLab.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.