The hacker group RansomHub claimed responsibility for the unprecedented cyberattack that shuttered Christie’s website earlier this month. In a dark web message, the “ransomware gang” threatened to leak “sensitive personal information” on the auction house’s clients. Christie’s website was down for several days during New York’s spring marquee week, one of the most highly anticipated sale seasons in the auction world.
Christie’s Hacked During May Marquee Sales
A cyberattack shut down Christie’s official website on May 9, just days before its crucial week of spring auctions was set to begin. At the time, Christie’s described the incident as a “technology security issue [that] has impacted some of our systems.” The statement continued, “We are taking all necessary steps to manage this matter, with the engagement of a team of additional technology experts. We regret any inconvenience to or clients and our priority is to minimize any further disruption. We will provide further updates to our clients as appropriate.” By May 10, the auction house’s website was redirected to a similar statement regarding the issue.
Despite lacking a functional website for about ten days, Christie’s proceeded with nearly all of its live marquee week sales. Accommodating in-person and over-the-phone bidders, the auction house netted a total of $640 million with fees from the week of sales, including the 20th and 21st century evening sales—which featured late television producer Norman Lear’s art collection—and the Rosa de la Cruz collection evening sale.
A Dark Web Discovery
According to threat analyst Brett Callow, the hacker group RansomHub claims it hacked Christie’s website and gained access to sensitive client data. In a post on the dark web on May 27, RansomHub wrote, “While utilizing access to Christie’s network we were able to gain access to their customers’ sensitive personal information… for at least 500,000 of their private clients from around the world.” The group threatened to release the data if the auction house did not comply with their demands, posting a countdown timer set to reach zero by the end of May. RansomHub claimed it “attempted to come to a reasonable resolution” with Christie’s, but that the auction house “ceased communication midway through” the alleged negotiations.
Get the latest articles delivered to your inbox
Sign up to our Free Weekly Newsletter
Callow explained to The New York Times, “We know that Christie’s had an incident and a known ransomware operation has now claimed responsibility. There is no real reason to doubt the claims.” RansomHub made headlines for extorting Change Healthcare in 2022, which Callow also reported on at the time. It has not yet been confirmed exactly what data RansomHub stole from Christie’s, nor what ransom is being demanded of the auction house.
Christie’s Website is Now “Fully and Securely Functional”
In a statement, a spokesperson for Christie’s said, “Our investigations determined there was unauthorized access by a third party to parts of Christie’s network” and that the hacker group “took some data from the Christie’s network, including a limited amount of personal data relating to some of our clients.” The auction house claims there is no evidence that the group accessed any clients’ “financial or transactional records” but noted they are “in the process of communicating shortly with affected clients.” As of now, Christie’s website is again “fully and securely functional” and the auction house is proceeding with business as usual at all locations.