Hackers claim responsibility for Christie’s cyberattack and threaten to release client data

The hacker group RansomHub has claimed responsibility for the cyberattack that took down Christie’s website earlier this month. It said it is now in possession of “sensitive personal information” on the auction house’s clients, which it is threatening to release.

In a post on the dark web on Monday—a screenshot of which was shared on X by Brett Callow, a threat analyst with the cybersecurity firm Emsisoft—RansomHub said it had gained access to data on “at least 500,000” Christie’s customers from “all over the world”, including full names, document numbers, nationalities and birth dates.

“We attempted to come to a reasonable resolution with [Christie’s] but they ceased communication midway through,” RansomHub’s post continues. Referring to the General Data Protection Regulation (GDPR) passed by the EU in 2016, the group said: “It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients and don’t care about their privacy.”

Speaking to the New York Times, Callow said: “We know that Christie’s had an incident and a known ransomware operation has now claimed responsibility. There is no real reason to doubt the claims.” According to the newspaper, the group said it would release the data, posting a countdown timer that would reach zero by the end of May.

In a statement, a Christie’s spokesperson said: “Our investigations determined there was unauthorised access by a third party to parts of Christie’s network,” adding that the hacker group gained “some limited amount of personal data” of certain clients, but that it had no evidence of “financial or transactional records” being compromised. “Christie’s is currently notifying privacy regulators, government agencies as well as in the process of communicating shortly with affected clients.”

Christie’s cyberattack brought down its website on 9 May, days before its marquee spring auction season. The auction house described the incident as a “technology security issue”. It continued with almost all of its live sales without a functioning website, and netted around $530m (with fees) from its evening sales of 20th and 21st century art, and the collection of the late Rosa de la Cruz.