In the latest development in the high-profile cyberattack on Christie’s auction house by the ransomware group RansomHub, new details about the extent of the data breach have come to light. Christie’s informed its clients that the hackers had accessed client names and other personal identity details. The auction house has alerted the Federal Bureau of Investigation and British police about the breach.
A spokesperson for Christie’s provided reassurances, stating, “There is no evidence that any financial or transactional records were taken for any clients. The personal identity data came from identification documents, such as passports and driving licenses, provided for client ID checks, which Christie’s must retain for compliance. No ID photographs, signatures, email addresses, or phone numbers were taken.”
The compromised data from some clients’ passports included full names, genders, passport numbers, expiry dates, and date and place of birth. For other identification documents, such as driver’s licenses or national identity cards, all data shown on the front of the cards was exposed, including names, dates of birth, countries, and document numbers.
Shortly after Christie’s announcement, RansomHub listed the stolen data for auction on the dark web. Their post read, “Let us sell the data by auction. We abide by the rules of RansomHub and only sell once… Find something you like in the sample, then contact us.” This move followed an earlier threat to release the information publicly, made around 3 p.m. on Thursday, according to cybersecurity expert Brett Callow of Emsisoft.
Callow expressed scepticism about the hackers’ intentions, stating on X (formerly Twitter), “It’s doubtful that anybody would want to buy the information, and this is simply a Hail Mary effort to squeeze some money from Christie’s.” In a phone conversation, Callow highlighted potential concerns for Christie’s and interested buyers, such as the location of particular artworks or financial details that could assist in committing identity-related fraud.
Referring to an earlier RansomHub post detailing their data, Callow noted, “The fact that they haven’t shown that they have any additional information, either to put further pressure on Christie’s or to attract buyers, would strongly indicate that they do not have any.”
Looking ahead, Callow speculated that the gang might claim to have sold the data to save face. “It’s a way of saving face when they cannot monetize attacks. It’s not just about the current victim but also future victims. They don’t want them to think they can refuse to pay and nothing will happen,” he concluded.
Christie’s, a leading player in the global art market, now faces the challenge of managing client concerns and reinforcing its cybersecurity measures in the wake of this breach. The incident underscores the increasing threat of cyberattacks in art and the need for stringent data protection protocols.
Photo: Courtesy Christies