A cyberattack targeted Christie’s, a leading London-based auction house, at the beginning of May.

A hacker group called Ransomhub, which claimed responsibility for this attack, is now threatening to release sensitive information about around half a million of Christie’s clients.

Screenshots of the hackers’ announcement were shared in a post on X by security researcher Dominic Alvieri. According to the hackers, Ransomhub attempted to negotiate “a reasonable solution” with Christie’s, but the auction house “cut off communication halfway.”

The hackers warned that releasing the stolen data would lead to “significant fines due to GDPR” and damage Christie’s reputation.

Ransomhub claims to have obtained “sensitive personal information” of at least 500,000 private clients worldwide, including full names, genders, birth dates, birthplaces, and nationalities. It also listed some data fields that might be linked to clients’ participation in Christie’s auctions.

To emphasize their demands, the ransomware hackers released some sample data. A countdown on its website suggests that the remaining data will be published in early June unless Christie’s meets the ransom demands.

It is unknown whether the hackers possess all the information they claim to have.

According to a Bloomberg report, the cyberattack forced Christie’s to take its website offline on May 9, just days before its important spring auction in New York. The website remained down for around 10 days; however, Christie’s managed the spring auction through an alternative website.

A spokesperson for Christie’s told the New York Times that the group responsible for the cyberattack stole “a limited amount of personal data from some clients,” but there is no evidence that financial or transactional data was compromised. According to the newspaper, Christie’s downplayed the extent of the attack before the major spring auction, referring to it only as a “technological security issue.”

A Christie’s spokesperson stated the company is currently informing data protection authorities and government agencies about the incident, and that affected customers would be notified shortly.

Exploiting High-Value Targets

Ransomware groups continue to find new avenues to maximize their impact and exploit high-value targets, noted Ray Kelly, security expert at Synopsys Software Integrity Group. “If you think about the clients that Christie’s serves, it’s easy to see how the data can be incredibly damaging to their high-profile clients as well as Christie’s reputation.”

Data leaked by ransomware groups can have a wide range of risks for victims. Identity theft facilitated using Social Security Numbers (SSNs), dates of birth, and other personally identifiable information (PII) can be exploited to open fraudulent accounts, apply for loans, or commit other forms of financial fraud, Kelly added. “Account hijacking is another example where attackers use stolen information to bypass security measures such as multi-factor authentication,” he said.

By accessing sensitive personal information, cybercriminals can take over accounts which leads to unauthorized transactions, financial theft and misuse of private data.

Cybercriminals Grow Bolder

Ani Chaudhuri, CEO of Dasera, said this incident highlights cybercriminals’ growing boldness and sophistication, as they aim to exploit vulnerabilities in sectors traditionally less associated with cyber threats. “The ransomware attack on Christie’s builds upon this evolving threat landscape where cybercriminals continuously target high-profile institutions with rich client data,” he said.

Christie’s reputation amplifies the impact of this ransomware attack. “When this happens to great companies, you see the significant media attention, which only magnifies the reputational damage and potential financial repercussions,” Chaudhuri said.

Christie’s high status also implies that its clientele includes high-net-worth individuals, whose personal data leakage can have far-reaching consequences, both personally and professionally.

“Christie’s case serves as an unfortunate reminder of the pervasive nature of cyber threats and the critical need for proactive and comprehensive cybersecurity measures,” Chaudhuri said. He added the ransomware attack highlights a critical issue in cybersecurity: the necessity of refusing to pay ransoms.

“Paying ransoms only emboldens cybercriminals, encouraging them to carry out more attacks,” Chaudhuri said. “There is no guarantee paying the ransom will result in the safe return of data.”

Photo credit: rupixen on Unsplash