
Georgina Hilton sells the top lot of the Rosa de la Cruz Collection Evening Sale in New York on 14 May, 2024. Courtesy Christie's.
Cybercriminals RansomHub shared online a sample of what they claim is sensitive data belonging to ‘at least 500,000’ Christie’s clients.
‘We attempted to come to a reasonable resolution with [Christie’s] but they ceased communication midway through,’ they said. ‘It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients and don’t care about their privacy.’
Fines for breaching the EU’s General Data Protection Regulation (GDPR) reach up to €20 million or 4% of worldwide annual turnover.
Christie’s did not confirm whether or not they had communicated with people presenting as RansomHub, but a spokesperson for Christie’s did acknowledge ‘there was unauthorised access by a third party to parts of Christie’s network.’
They said ‘the group behind the incident took some limited amount of personal data relating to some of our clients. There is no evidence that any financial or transactional records were compromised.’
Brett Callow, Threat Analyst at cybersecurity firm Emsisoft, shared a screenshot of RansomHub’s post online today.
He told Ocula ‘there’s no real reason to doubt that RansomHub was involved in the attack. We know that Christie’s had a cybersecurity incident and RansomHub, a known extortion operation, has claimed responsibility for it.’
‘Whether they have as much data as they claim is an entirely different matter. They may or may not be overstating their hand,’ he added.
Callow said RansomHub is connected to ‘a now-defunct Russian-speaking ransomware operation called Alphv, but the exact nature of that connection is unclear.’
He said it was unlikely RansomHub, whose other targets this year have included Australia’s Design Intoto and America’s Change Healthcare, was specifically targeting businesses in the art world.
‘This would have been a crime of opportunity. The art world is not under attack—at least, no more or less than it usually is—and, in fact, Christie’s itself may have been caught by a spray-and-pray attack rather than being specifically targeted.’
Christie’s spokesperson said the auction house is currently notifying privacy regulators and government agencies. They said they are ‘in the process of communicating shortly with affected clients.’
When it comes to resolving the situation, Callow said Christie’s has two options: pay or don’t pay.
‘If the company pays, it will get a pinky promise from the criminals that the stolen data will be destroyed. If the company doesn’t pay, whatever data RansomHub may have will probably be released online.’ —[O]