SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Christie’s Says Ransomware Attack Impacts 45,000 People

Auction house Christie’s says the data breach caused by the recent ransomware attack impacts the information of 45,000 individuals.
Christie's ransomware data breach

Auction house Christie’s has informed authorities that the data breach caused by a recent ransomware attack impacts the information of roughly 45,000 individuals.

According to information submitted by the company to the Maine Attorney General, the intrusion was discovered on May 9. An investigation showed that the attackers managed to steal some files containing personal information. 

Impacted individuals are being notified. The notification letter sample submitted by Christie’s to the Maine AG does not specify what type of data was compromised besides names, driver’s license numbers, and non-driver identification card numbers. 

Impacted individuals are being offered identity theft and fraud monitoring services for 12 months, which suggests sensitive personal information was stolen by the hackers. 

The RansomHub ransomware group has taken credit for the attack, claiming to have stolen information such as name, birth date, address, and data from identification documents. 

The hackers claimed to have stolen information belonging to at least 500,000 Christie’s clients from around the world, but it’s not uncommon for ransomware groups to exaggerate their claims.

Advertisement. Scroll to continue reading.

On their leak website, the cybercriminals claimed to have sold the data stolen from the auction house. However, Emsisoft threat analyst and ransomware expert Brett Callow has questioned their claims, saying that they likely don’t want to admit not being able to monetize the attack. 

Broadcom’s Symantec reported last week that its researchers had found evidence suggesting that the RansomHub ransomware-as-a-service is “very likely an updated and rebranded version of the older Knight ransomware”.

However, Symantec said it’s unlikely that the creators of Knight are also operating RansomHub, noting that the Knight source code was put up for sale in February 2024 after its developers decided to shut down the operation. 

Related: Snowflake Data Breach Impacts Ticketmaster, Other Organizations

Related: BBC Data Breach Impacts 25,000 Employees

Related: FBCS Data Breach Impact Grows to 3.2 Million Individuals

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Chris Sistrunk has been promoted to Practice Leader for Mandiant's OT Security Consulting.

Nudge Security has appointed Patrick Dillon as its Chief Revenue Officer.

AutoNation has appointed Brian Fricke as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.