Hacker Group Takes Credit for Christie’s Cyberattack

RansomHub is threatening to release Christie's client data after taking down the auction house’s website during May's marquee sales.

May 28, 2024By Emily Snow, News, Discoveries, Interviews, and In-depth Reporting
hacker-group-takes-credit-christies-cyberattack
The 21st Century Evening Sale at Christie’s New York in May 2024. Source: Bloomberg.

 

The hacker group RansomHub claimed responsibility for the unprecedented cyberattack that shuttered Christie’s website earlier this month. In a dark web message, the “ransomware gang” threatened to leak “sensitive personal information” on the auction house’s clients. Christie’s website was down for several days during New York’s spring marquee week, one of the most highly anticipated sale seasons in the auction world.

 

Christie’s Hacked During May Marquee Sales

christies-website-down-statement-may-2024
The hacked website was redirected to a statement regarding the “technology security incident.” Source: Christie’s.

 

A cyberattack shut down Christie’s official website on May 9, just days before its crucial week of spring auctions was set to begin. At the time, Christie’s described the incident as a “technology security issue [that] has impacted some of our systems.” The statement continued, “We are taking all necessary steps to manage this matter, with the engagement of a team of additional technology experts. We regret any inconvenience to or clients and our priority is to minimize any further disruption. We will provide further updates to our clients as appropriate.” By May 10, the auction house’s website was redirected to a similar statement regarding the issue.

 

Despite lacking a functional website for about ten days, Christie’s proceeded with nearly all of its live marquee week sales. Accommodating in-person and over-the-phone bidders, the auction house netted a total of $640 million with fees from the week of sales, including the 20th and 21st century evening sales—which featured late television producer Norman Lear’s art collection—and the Rosa de la Cruz collection evening sale.

 

A Dark Web Discovery

christies-413m-20th-century-evening-sale
Christie’s New York. Source: Wikipedia.

 

According to threat analyst Brett Callow, the hacker group RansomHub claims it hacked Christie’s website and gained access to sensitive client data. In a post on the dark web on May 27, RansomHub wrote, “While utilizing access to Christie’s network we were able to gain access to their customers’ sensitive personal information… for at least 500,000 of their private clients from around the world.” The group threatened to release the data if the auction house did not comply with their demands, posting a countdown timer set to reach zero by the end of May. RansomHub claimed it “attempted to come to a reasonable resolution” with Christie’s, but that the auction house “ceased communication midway through” the alleged negotiations.

Get the latest articles delivered to your inbox

Sign up to our Free Weekly Newsletter

 

Callow explained to The New York Times, “We know that Christie’s had an incident and a known ransomware operation has now claimed responsibility. There is no real reason to doubt the claims.” RansomHub made headlines for extorting Change Healthcare in 2022, which Callow also reported on at the time. It has not yet been confirmed exactly what data RansomHub stole from Christie’s, nor what ransom is being demanded of the auction house.

 

Christie’s Website is Now “Fully and Securely Functional”

christies-new-york-20th-century-evening-sale
Adrien Meyer, Head of Private Sales, Adrien Meyer, at the 20th Century Evening Sale on May 16, 2024. Source: Christie’s.

 

In a statement, a spokesperson for Christie’s said, “Our investigations determined there was unauthorized access by a third party to parts of Christie’s network” and that the hacker group “took some data from the Christie’s network, including a limited amount of personal data relating to some of our clients.” The auction house claims there is no evidence that the group accessed any clients’ “financial or transactional records” but noted they are “in the process of communicating shortly with affected clients.” As of now, Christie’s website is again “fully and securely functional” and the auction house is proceeding with business as usual at all locations.

Author Image

By Emily SnowNews, Discoveries, Interviews, and In-depth ReportingEmily Snow is an American art historian and writer based in Amsterdam. In addition to writing about her favorite art historical topics, she covers daily art and archaeology news and hosts expert interviews for TheCollector. She holds an MA in art history from the Courtauld Institute of Art with an emphasis in Aesthetic Movement art and science. She loves knitting, her calico cat, and everything Victorian.