Hackers are very active in the quickly digitizing global business, and auction houses also become victims of their malicious activities. Christie’s auction house has recently disclosed the details of a cyberattack it suffered earlier in May. The international hacker group RansomHub assumed responsibility for the attack that led to the blockage of the auction’s official website and put the sensitive data of Christie’s clients under threat.

The auction house’s authorities do not confirm the outcomes of the attack and the degree of data breach that hackers have managed to arrange. Yet, RansomHub claims to possess sensitive personal details of the auction’s clients, which it threatens to disclose. According to rough outsider estimates, the breach has affected over 500,000 Christie’s clients from all parts of the globe. The data that RansomHub hackers have managed to capture includes full names, birth dates, and document numbers of the auction’s customers.

Cyberattack Details

The exploit of the official website of Christie’s auction house occurred on May 9, 2024, only several days before the launch of the spring auction session. Upon detecting the attack, Christie’s announced a cybersecurity issue but went on to complete all live sales with a new value of $530+ million.

The spring session featured many one-of-a-kind exhibits, including a $35+ million painting by Vincent van Gogh and rare wine items, with a queue of impatient collectors willing to take hold of them. However, the event took place during the website’s downtime, with the official website redirecting all visitors to a page with the auction house’s phone numbers.

The collectors couldn’t view the items on sale or apply on the official website, with all bids accepted only in person or via hotline. Christie’s also managed to accept online bids via its Live Service. The sale of a rare watch collection was eventually delayed due to technical issues.

How Did Christie’s Auction House Handle the Breach?

According to the official statement of Christie’s representatives, hackers have managed to access only a limited volume of customer data, with no factual evidence of financial data or records of transactions for purchased works of art leaking into their hands.

RansomHub participants, however, disseminated a message that Christie’s was reluctant to cooperate with hackers and stopped communication before any consensual agreement was reached. They threaten to publish the seized customer records that will put Christie’s under GDPR litigation once the auction house’s failure to protect customer data is proven.