Christie’s website brought down by hackers days before marquee spring auctions

Just days before it sells hundreds of millions of dollars of art—including to clients who will be watching and bidding online—the auction house Christie’s has suffered an apparent cyberattack, bringing down its website. Art market observers first noticed the problem on Thursday evening (9 May), and by Friday morning (10 May), the firm’s web address was redirecting visitors to a placeholder page listing telephone numbers for its offices in London, New York, Paris and Hong Kong, plus a general email address.

“We apologise that our website is currently offline,” a message on the page reads. “We are working to resolve this as soon as possible and regret any inconvenience. To register your interest, or to bid, in an upcoming sale please use the contact details provided.”

In response to enquiries from The Art Newspaper, a Christie’s spokesperson did not elaborate on the nature of the cyberattack, the timeline for getting its website back up or whether client data had been exposed.

“Christie’s confirms that a technology security issue has impacted some of our systems, including our website,” the spokesperson said. “We are taking all necessary steps to manage this matter, with the engagement of a team of additional technology experts. We regret any inconvenience to our clients, and our priority is to minimise any further disruption. We will provide further updates to our clients as appropriate.”

Collectors, advisers and dealers looking to do their homework ahead of next week’s marquee spring sales in New York already had their work cut out for them before Christie’s website outage, with a number of major lots headed to the auction block. The auction house’s offerings next week include a major Claude Monet riverscape, Moulin de Limetz (1888), which is partially owned by the Nelson-Atkins Museum of Art in Kansas City and expected to bring as much as $25m; and one of Jean-Michel Basquiat’s coveted 1982 stretcher-bar paintings, The Italian Version of Popeye has no Pork in his Diet, estimated to sell for around $30m. The auction house is also handling the sale of the coveted holdings from the influential Miami-based collectors Rosa and Carlos de la Cruz, following Rosa’s death in February.

As more and more art-market functions and museum operations are managed through web-based services—from client portals to online cataloguing systems—those platforms are being targeted by hackers with increasing frequency. Late last year, a cyberattack targeting the inventory-management platform Gallery Systems made the digital collections at several US museums inaccessible. In 2017, hackers using a comparatively rudimentary email-hacking scam were able to intercept payments between dealers and their clients, pocketing sums from £10,000 to £1m.