Christie’s Assures Its Wealthy Clients Hackers Have Not Used Their Data After Cyberattack

Auction house Christie’s is sending letters to customers whose data was caught up in a recent ransomware attack saying hackers have not (yet) used the stolen data to illicit ends.

Christie's, the world’s most expensive auction house, confirmed in May it had fallen victim to a ransomware attack seemingly orchestrated by a Russia-linked cybercriminal gang.

The RansomHub operation soon took credit for the attack claiming it had failed to extort the auction house and moved onto selling the data to the highest bidder.

The gang claimed to have stolen personal information related to some 500,000 of Christie's wealthy clients around the world, giving the house less than a week to pay up to keep the data safe.

No evidence of misuse

Christie’s is now sending breach notification letters to affected individuals, saying it determined that the threat actor who breached its systems stole client data between May 8 and May 9. It says it is “not aware” of hackers trying to misuse clients’ information, according to a PDF copy of the letter shared by BleepingComputer.

“We took additional steps to secure our systems and continue to evaluate technical and organizational measures to avoid the reoccurrence of a similar incident,” Christie's letter reads.

A spokesperson with the house told The Register that the attackers “accessed client names and, for a subset of clients, took some other personal identity information,” and that “there is no evidence that any financial or transactional records were taken, for any clients.”

“The personal identity data came from identification documents, for example, passports and driving licences, provided as part of client ID checks, which Christie's is required to retain for compliance reasons. No ID photographs, signatures, email addresses, or phone numbers were taken,” the spokesperson said.

An unforced error

Christie’s clients are suing the auction house over the incident, with one lawsuit describing the breach as “a direct result of [Christie’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect consumers’ PII from a foreseeable and preventable cyberattack.”

Ransomware operators almost always have the upper hand when extortion negotiations don't pan out. Anyone with a Christie's account should keep a vigilant eye on their incoming emails or texts. Fraudsters pay good money to leverage stolen personal data in socially engineered scams.

Scamio combats cyber-scams leveraging personal information stolen in data breaches. If you're suspicious about a certain phone call, email, or SMS, simply describe the situation to our clever chatbot and let it guide you to safety. You can share with Scamio the exact thing you want to check: a screenshot, PDF, QR code, or link. Scamio lets you know in seconds if it’s a sham. Use it anywhere via web browser, Facebook Messenger, or WhatsApp. Share Scamio with your friends and family abroad in France, Germany, Spain, Italy, Romania, Australia, and the UK.

Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.