cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

RansomHub posts Christie’s Auction House data sample, claims 500k customers affected

A sample of data belonging to Christie’s Auction House has been posted online, just weeks after a major auction was delayed due to outages relating to a cyber attack.

user icon Daniel Croft
Tue, 28 May 2024
RansomHub posts Christie's Auction House data sample, claims 500k customers affected
expand image

On 9 May, the auction house suffered what it called a “technology security issue”, which made its website inaccessible.

“We apologise that our full website is currently offline. We are looking to resolve this as soon as possible and regret any inconvenience,” the website said.

According to reports, alongside the website being inaccessible, users looking to access the website were redirected to a page that displayed the locations of a number of artworks.


Christie’s then confirmed that a cyber attack was to blame, and despite this, went ahead with its $840 million spring auction, only delaying an auction selling rare watches, including the watch collection of famous German motorsports icon Michael Schumacher.

Now, RansomHub has posted a sample of data belonging to the auction house.

“We attempted to come to a reasonable resolution with them but they ceased communication midway through,” the group said, inferring that ransom negotiations were taking place.

“It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients and don’t care about their privacy.”

According to the ransomware group, the data exfiltrated belonging to Christie’s customers and included first and last names, birth date, birthplace, sex, nationality, full MRZ (Machine Readable Zone found on passports, IDs and visas) code, and some document data, including document category, document type, issuing authority, issue date and expiry date.

RansomHub said it has this data “and much more for at least 500,000 of [Christie’s] private clients from all over the world”.

Christie’s Auction House is yet to release a statement regarding RansomHub’s latest post.

Cyber Daily has reached out to Christie’s Auction for comment on the issue.

The attack on Christie’s came at a key time for the auction house, with the spring art auctions accounting for as much as half of the auction house’s annual revenue.

“A cyber attack like this is the 21st-century equivalent of a hand grenade in a small room,” art market lawyer Thomas C. Danziger told The New York Times.

“Twenty-five years ago, it would have been a flood or a hurricane.”

Update 29/05/2024 - A Christies Auction spokesperson responded to Cyber Daily's request for comment.

"Earlier this month Christie’s experienced a technology security incident. We took swift action to protect our systems, including taking our website offline. Our investigations determined there was unauthorised access by a third party to parts of Christie’s network," said the spokesperson.

"They also determined that the group behind the incident took some limited amount of personal data relating to some of our clients. There is no evidence that any financial or transactional records were compromised.

"Christie’s is currently notifying privacy regulators, government agencies as well as in the process of communicating shortly with affected clients."

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.