Auction house Christie’s hacked by gang suspected of ties with Russia


Christie’s has confirmed it has been hacked by a gang with possible ties to Russia that claimed to have the private details of half a million of its clients.

The London-based auction house sells billions of pounds worth of art and luxury goods in cities across the world each year.

On May 9, it was forced to take down its site ahead of key auctions in New York as a result of what it described as a “technology security incident”.

Its main website was offline for around 10 days in total, with auction catalogues posted on a separate site and registered collectors given links to bid online.

However, ransomware group RansomHub has now claimed responsibility for the hack.

A statement posted on the dark web and seen by The Telegraph read: “While utilising access to Christies [sic] network we were able to gain access to their customers [sic] sensitive personal information.”

The group added that the names, nationalities, dates of birth and other data were in its possession for “at least 500,000 of their private clients from all over the world”.

“We attempted to come to a reasonable resolution with them [Christie’s] but they ceased communication midway through,” the statement continued.

“It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients and don’t care about their privacy”.

The gang’s dark web page, also seen by The Telegraph, says: “We do not allow CIS [former Soviet states], Cuba, North Korea and China to be targeted”.

Cyber security experts believe there could be a link to Russia, long known as a country that turns a blind eye to criminal hackers’ activities on condition they do not target Russia or its allies.

Brett Callow, a cyber security researcher from anti-ransomware company Emsisoft, told The Telegraph: “Who RansomHub are isn’t entirely clear. The operation emerged in February, and we know that they appear to have a connection to Alphv – the ransomware gang that went dark after the February attack on Change Healthcare – but the exact nature of the connection is unclear.”

‘We took swift action’

A Christie’s spokesman said: “Earlier this month, Christie’s experienced a technology security incident.

“We took swift action to protect our systems, including taking our website offline.

“Our investigations determined there was unauthorised access by a third party to parts of Christie’s network.

“They also determined that the group behind the incident took some limited amount of personal data relating to some of our clients.

“There is no evidence that any financial or transactional records were compromised.”

The spokesman added: “Christie’s is currently notifying privacy regulators, government agencies as well as in the process of communicating shortly with affected clients.”

Last year, the auction house reported global sales of approximately $6.2 billion (£4.8 billion).