Skip to content

RansomHub claims responsibility for cyberattack on Christie’s

  • by
  • 3 min read

The hacker group RansomHub has claimed responsibility for a cyberattack on the prestigious auction house Christie’s. The attack disrupted its website just days before its major spring sales and gained access to the sensitive information of at least 500,000 private clients.

The attack forced Christie’s to shut down the website for ten days and explore alternative bidding methods, raising concerns over the security of sensitive client information.

On Monday, RansomHub posted on the dark web asserting that it had infiltrated Christie’s network and accessed data on some of the world’s wealthiest art collectors. The hackers provided limited examples of names and birthdays as proof.

“While utilising access to Christie’s network, we were able to gain access to their customers’ sensitive personal information,” said the dark web post as accessed by DarkWebInformer. “We attempted to come to a reasonable resolution with them but they ceased communication midway through. It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients and don’t care about their privacy.”

While the veracity of their claims remains unconfirmed, several cybersecurity experts recognise RansomHub as a credible ransomware threat. The extent of the data breach, particularly whether financial details and client addresses were compromised, is still unclear.

The group has threatened to release the data, with a countdown timer set to expire at the end of May.

Christie’s spokesperson, Edward Lewine, confirmed the unauthorised access, stating, “Our investigations determined there was unauthorised access by a third party to parts of Christie’s network. The group behind the incident took a limited amount of personal data about some of our clients. There is no evidence that any financial or transactional records were compromised.”

The General Data Protection Rules of the EU mandate that companies disclose cyberattacks that may have compromised client data. Noncompliance can result in fines exceeding $20 million. The looming threat of such penalties adds to the pressure on Christie’s to manage the fallout from this breach, reports NYT.

RansomHub has recently emerged as a formidable ransomware group, possibly linked to the notorious ALPHV network, a collective of Russian-speaking cyber extortionists that claimed the United Healthcare cyberattack. Earlier this year, ALPHV was implicated in a cyberattack on Change Healthcare, allegedly resulting in a $22 million ransom payment.

Despite the severity of the breach, Christie’s has downplayed its impact, referring to it as a ‘technology security incident.’ This strategy appears to have mitigated immediate concerns, as evidenced by the auction results, which showed little impact on buyer and seller behaviour. The spring sales season concluded with $528 million in sales, and Christie’s has since regained control of its website.

However, internally, Christie’s has been fraught with uncertainty and limited communication. Following the cyberattack, the auction house is notifying privacy regulators, government agencies, and affected clients.

In the News: Play Store apps will now show an ‘Account deletion available’ badge

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: