Hacking Group Threatens to Disclose Christie’s Client Information
By Alex Yiu
The hacker group RansomHub threatened to release personal data of Christie’s clients if the auction house does not pay a ransom by May 31. The extortion gang claimed responsibility for a May 9 cyberattack on Christie’s that brought down its website and breached the “sensitive personal information” of its customers only days before its Spring sales in New York.
On May 27, RansomHub released a data sample from Christie’s client base, threatening to publicize all of the illegally acquired information—including the full names, birthplaces and dates, nationalities, and confidential government document details—of 500,000-plus clients. The group’s message was redacted and reposted to X by Brett Callow, a threat analyst at the cybersecurity firm Emsisoft who frequently reports on high-profile cases on social media. His most recent post notes that RansomHub is now trying to “[sell] Chrisite’s data by auction,” but it is “extremely unlikely that anybody would want to buy the information, and this is simply a Hail Mary effort to squeeze some money” out of the auction house.
Christie’s website initially shut down on May 9 and did not go back up until May 18. A temporary webpage with details about the auctions was established, and Christie’s technical issues did not appear to deter sales. The Rosa de la Cruz Collections garnered USD 34 million, selling seminal works by late Cuban-American artists such as Ana Mendieta and Felix Gonzalez-Torres, reassuring confidence from their clients.
A Christie’s spokesperson told the press: “Our investigations determined there was unauthorized access by a third party to parts of Christie’s network . . . [but] there is no evidence that any financial or transactional records were compromised.” Christie’s has not confirmed the number of affected clients or how much extortion money RansomHub has demanded.
Alex Yiu is associate editor at ArtAsiaPacific.