Christie's website hacked, data of 45k clients stolen

The auction house Christie’s confirms a cybersecurity incident just days before major sales events anticipated to generate approximately $840 million. On May 10, visitors to Christie’s website encountered a message indicating the site was offline due to technical issues, with an apology for the inconvenience and instructions for registering interest or placing bids via alternative contact details.

The New York Times first reported the hack, citing confirmation from Christie’s spokesman Edward Lewine, who assured that the auction house is actively managing the situation with the help of additional technology experts. Lewine also mentioned that updates would be provided to clients as appropriate.

This incident poses challenges for Christie’s and it's customers  with the upcoming high-value sales events scheduled for the following week:

• Rosa de la Cruz collection sale on May 14, expected to exceed $30 million.
• 21st Century Evening Sale on May 14, with anticipated earnings over $100 million.
• 20th Century Evening Sale on May 16, expected to reach up to $500 million.

The details of the current hack, including whether any sensitive information was accessed, is not disclosed.

Christie’s previously suffered a data breach in September, which exposed photographs of paintings and sculptures uploaded by collectors for review.

Update - as of 27th of May 2024, the RansomHub ransomware claimed responsibility for the cyberattack on Christie’s auction house. RansomHub has leaked a data sample and claims they have “much more for at least 500,000 of [Christie’s] private clients from all over the world”.

On May 30, Christie's informed its clients about the data breach through a detailed letter. The auction house has also reported to the Federal Bureau of Investigation and the British police. According to Christie's, the stolen data includes client names and various personal identity details, but financial and transactional records remain secure.

The compromised data inlcudes:

• Full names
• Genders
• Passport numbers
• Passport expiry dates
• Dates and places of birth
• Information from the front of driver's licenses or national identity cards, such as name, date of birth, country, and document number.

Shortly after the report, RansomHub began auctioning the stolen data on the dark web, emphasizing their intention to sell the information only once. The group’s post invited interested parties to inspect a sample of the data and then make contact for a purchase.

As of 9th of June 2024, the auction house has informed authorities that the data breach caused by a recent ransomware attack impacts the information of roughly 45,000 individuals.

The auction house is offering impacted people a free twelve-month subscription for the CyEx Identity Defense Total identity theft and fraud monitoring service, which will alert them of changes to their Experian, Equifax, and TransUnion credit files to spot any potentially fraudulent activity on their credit reports.