Christie’s Cyber Attack:  RansomHub Claims Responsibility For Disrupting Spring Auctions

Christie's London

Christie’s Reveals More Cyberattacks Data Breach Details – Update:  Auction House Christie’s announced on Thursday that it had alerted the FBI and British police about a cyberattack that incapacitated its website earlier this month. The company also began informing clients about the nature of personal data that had been compromised.

In an email to clients, Christie assured them that financial data and information about recent sales activity had not been exposed. However, it revealed that some personal data from clients’ identification documents had been compromised.

“The personal identity data came from identification documents, for example, passports and driver’s licenses, provided as part of client ID checks, which Christie’s is required to retain for compliance reasons,” Jessica Stanley, a Christie’s spokesperson, told a Thursday morning briefing. “No ID photographs, signatures, email addresses, or phone numbers were taken.”

This marked the first time Christie’s detailed to the public the kind of information that hackers might have acquired from its records on some of the world’s wealthiest art collectors. The disclosure came days after a group called RansomHub claimed responsibility for the cyberattack and threatened to release information on nearly 500,000 clients. Previously, Christie’s had referred to the cyberattack as a “technology security incident” and tried to reassure anxious bidders with a temporary website despite severe concerns among some employees.

Despite the severity of the breach, Christie’s managed to downplay its impact on bidders. Its marquee spring auctions, which commenced shortly after the hack, achieved sales totalling $528 million. RansomHub, which claimed responsibility for the hack, stated on the dark web that “we attempted to come to a reasonable resolution with them, but they ceased communication midway through” and threatened to release the data.

In its email to clients, Christie’s stated that it had notified the relevant law enforcement authorities in Britain and the United States. Law enforcement officials did not immediately respond to requests for comment. Christie’s urged clients to monitor their accounts for unusual activity and offered them “complimentary identity theft protection and monitoring services.”

According to sources on Twitter, including @DarkWebInformer and Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, RansomHub alleges they have obtained information on over 500,000 of Christie’s private clients. The group posted an image on the dark web showcasing a sample of the information they claim to have accessed. In their message, RansomHub stated that they had attempted to negotiate with Christie’s but that the auction house cut off communication midway through the process.

“It is clear that if this information is posted, they will incur heavy fines from the violation of GDPR, ruin their reputation with their clients, and not care about their privacy,” RansomHub wrote. GDPR refers to the European General Data Protection Regulation, which governs the use, processing, and storage of personal data in the European Union.

Christie’s described the incident as a “technology security issue” and said, “Christie’s confirms that a technology security issue has impacted some of our systems, including our website. We are taking all necessary steps to manage this matter, with the engagement of a team of additional technology experts. We regret any inconvenience to our clients, and our priority is to minimise any further disruption. We will provide further updates to our clients as appropriate.”

Despite the attack, Christie’s created a temporary website and successfully navigated the New York sales. The auction house generated $114.7 million from the Rosa de la Cruz and 21st Century sales and $413 million during its 20th Century Evening sale.

Questions remain about the extent of the data breach. Nimrod Kamer, a writer for Interview Magazine, suggested that RansomHub might have accessed only client ID and address information, not financial data. Christie’s spokesperson, Edward Lewine, stated, “Our investigations determined there was unauthorised access by a third party to parts of Christie’s network,” adding that the hackers obtained “some limited amount of personal data” on specific clients, but there was no evidence of financial or transactional records being compromised.

Founded in 1766, Christie’s is a leading global art and luxury business in 46 countries. The auction house is renowned for its live and online auctions, private sales, and comprehensive portfolio of services, including art appraisal, art financing, and international real estate. Christie’s has achieved numerous records, including the highest price for artwork at auction and the launch of the first fully on-chain auction platform for NFT art. Committed to responsible practices, Christie’s continues influencing the art market and supporting innovative startups. For more information, visit or download Christie’s apps.

Read More