Ocula Magazine   |   News   |   Crime

Known data thieves RansomHub are threatening to release customers' names, nationalities, ID numbers, 'and much more'. They posted a countdown timer that will reach zero by the end of May.

Hackers Claim to Hold Christie’s Client Data Ransom

Georgina Hilton sells the top lot of the Rosa de la Cruz Collection Evening Sale in New York on 14 May, 2024. Courtesy Christie's.

Cybercriminals RansomHub shared online a sample of what they claim is sensitive data belonging to 'at least 500,000' Christie's clients.

'We attempted to come to a reasonable resolution with [Christie's] but they ceased communication midway through,' they said. 'It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients and don't care about their privacy.'

Fines for breaching the EU's General Data Protection Regulation (GPDR) reach up to €20 million or 4% of worldwide annual turnover.

Christie's did not confirm whether or not they had communicated with people presenting as RansomHub, but a spokesperson for Christie's did acknowledge 'there was unauthorised access by a third party to parts of Christie's network.'

They said 'the group behind the incident took some limited amount of personal data relating to some of our clients. There is no evidence that any financial or transactional records were compromised.'

Courtesy Brett Callow on X.

Brett Callow, Threat Analyst at cybersecurity firm Emsisoft, shared a screenshot of RansomHub's post online today.

He told Ocula 'there's no real reason to doubt that RansomHub was involved in the attack. We know that Christie's had a cybersecurity incident and RansomHub, a known extortion operation, has claimed responsibility for it.'

'Whether they have as much data as they claim is an entirely different matter. They may or not be overstating their hand,' he added.

Callow said RansomHub is connected to 'a now-defunct Russian-speaking ransomware operation called Alphv, but the exact nature of that connection is unclear.'

He said it was unlikely RansomHub, whose other targets this year have included Australia's Design Intoto and America's Change Healthcare, was specifically targeting businesses in the art world.

'This would have been a crime of opportunity. The art world is not under attack—at least, no more or less than it usually is—and, in fact, Christie's itself may have been caught by a spray-and-pray attack rather than being specifically targeted.'

Christie's spokesperson said the auction house is currently notifying privacy regulators and government agencies. They said they are 'in the process of communicating shortly with affected clients.'

When it comes to resolving the situation, Callow said Christie's has two options: pay or don't pay.

'If the company pays, it will get a pinky promise from the criminals that the stolen data will be destroyed. If the company doesn't pay, whatever data RansomHub may have will probably be released online.' —[O]

Ocula discover the best in contemporary art icon.
Ocula discover the best in contemporary art icon.
Ocula Newsletter
Stay informed.
Receive our bi-weekly digest on the best of
contemporary art around the world.
Your personal data is held in accordance with our privacy policy.
Ocula discover the best in contemporary art icon.
Get Access
Join Ocula to request price and availability of artworks, exhibition price lists and build a collection of favourite artists, galleries and artworks.
Do you have an Ocula account? Login
What best describes your interest in art?

Subscribe to our newsletter for upcoming exhibitions, available works, events and more.
By clicking Sign Up or Continue with Facebook or Google, you agree to Ocula's Terms & Conditions. Your personal data is held in accordance with our Privacy Policy.
Thank you for joining us. Just one more thing...
Soon you will receive an email asking you to complete registration. If you do not receive it then you can check and edit the email address you entered.
Thank you for joining us.
You can now request price and availability of artworks, exhibition price lists and build a collection of favourite artists, galleries and artworks.
Welcome back to Ocula
Enter your email address and password below to login.
Reset Password
Enter your email address to receive a password reset link.
Reset Link Sent
We have sent you an email containing a link to reset your password. Simply click the link and enter your new password to complete this process.