Ransomware gang threatens to release personal information of 500,000 Christie's customers

World-famous auction house Christie's has reportedly received threats from the ransomware group RansomHub just days before it is set to hold an auction worth a total of $840 million. RansomHub claims on the dark web that it has stolen financial data from Christie's as well as the personal information of 500,000 customers.

Ransomware Group Claims Responsibility for Christie's Hack - The New York Times

https://www.nytimes.com/2024/05/27/arts/design/hackers-claim-christies-attack.html

Ransomware group RansomHub claims recent cyber attack on Christie's - 500k clients potentially affected - Comparitech
https://www.comparitech.com/news/ransomware-group-ransomhub-claims-recent-cyber-attack-on-christies/

Christie's had been scheduled to hold its big spring auction at the end of May, which would have featured a rare collection of watches including one that once belonged to Formula One racer Michael Schumacher, but the security incident has caused the sale to be postponed.

'We have established procedures and practices in place that we regularly test to handle these types of incidents,' a Christie's spokesperson said.

RansomHub is a cybercrime group believed to be linked to Russia and has been reported to have conducted multiple ransomware attacks since February 2024. To date, 71 cyber attacks have been suspected to have been carried out by RansomHub, of which five have been confirmed to have been carried out by RansomHub.

RansomHub has demanded a ransom from Christie's, offering two things: a decryption key to unlock the system and the deletion of all stolen data. The ransom amount is unknown, but the hackers have threatened to make Christie's financial records, customer addresses, and other information publicly available on the Internet if the ransom is not paid by the end of May, and have published a countdown timer on the dark web.

RansomHub has posted the names and birthdates of some of Christie's customers on the dark web as evidence that they had accessed their information, and they also claim that Christie's demanded a ransom, but the payment was not made and Christie's lost contact with them midway.

A Christie's spokesperson said in a statement, 'Following our investigation, we have determined that a third party gained unauthorized access to parts of Christie's network. We have also determined that the group behind this incident stole some personal information about our clients. However, Christie's said there is no evidence that financial or transactional records were compromised.'

If RansomHub were to expose customer information online, Christie's could be fined more than $20 million under the General Data Protection Regulation (GDPR) .