Christie’s extortion deadline ends without hackers posting data
AFTER a week of public threats, hackers didn’t release a large trove of client data belonging to Christie’s auction house on their dark web site.
On May 27, a group known as RansomHub claimed responsibility for a cyberattack that hit the auction house earlier that month. They posted a countdown clock on the dark web along with a message suggesting they would release client data, including names and passport details, on Monday (Jun 3) morning.
Three days later, RansomHub appeared to change tactics, offering the data for auction on an update on its dark web site. It is not clear what become of that effort.
The criminal group had said that Christie’s had ceased communications after they had attempted to reach a “reasonable resolution.” A Christie’s spokesperson did not immediately respond to a request for comment.
The auction house, meanwhile, sent a notice to clients affected by the breach, emphasising that while passport information was indeed compromised, contact details, financial data, and most importantly, transaction-related information had not been exposed.
“Please rest assured we are treating this incident with the utmost seriousness,” the auction house wrote in a note to clients that was reviewed by Bloomberg.
“We have proactively informed the relevant authorities, which include the UK police (via ActionFraud) and the FBI, as well as relevant data protection regulators globally, where required.”
While Christie’s was forced to deal with the immediate aftermath of the cyberattack, which included voluntarily taking down its website just days before its massive New York auctions, the damage to the company appeared to be limited. BLOOMBERG
Share with us your feedback on BT's products and services
