The data of 500,000 customers of the auction house was stolen

Hacking group RansomHub announced the theft of personal data of half a million customers of the famous auction house Christie’s, confirming the intrusion into the company’s network and the theft of a limited amount of personal data. RansomHub, appeared in February 2024 and has already attacked at least 45 organizations. The group avoids attacks on targets in Russia, CIS countries, Cuba, North Korea and China.

Christie’s, one of the most famous auction houses in the world, has been operating for almost 260 years and last year received revenues of more than $6.2 billion. The company already experienced security incidents last year when photos of paintings and sculptures containing the GPS coordinates of the artwork’s location were stolen. The problem was solved only after the intervention of the media.

Earlier this month, ahead of a planned sale worth about $840 million, Christie’s website was shut down due to a hacker attack. RansomHub, a ransomware group, claimed responsibility for the attack and posted the information on its darknet blog. The stolen data includes names, surnames, dates of birth, places of birth, document numbers, document expiry dates, nationalities and other personal information.

A representative of Christie’s confirmed that as a result of the unauthorized access, third parties were able to steal a limited amount of personal data of some customers, but no financial or transactional records were compromised. The auction house is currently notifying the relevant authorities and preparing to notify affected customers.

RansomHub says that negotiations with Christie’s regarding the ransom were unsuccessful because the auction house refused to pay the ransom. It is known that paying the ransom does not guarantee the destruction of stolen data and only encourages further attacks. This attack showed that even the best-known and most protected organizations are not immune to cyber threats. It is important to follow the recommendations of law enforcement agencies and not pay the ransom, as this can only encourage new attacks.