Christie’s says hackers accessed some clients’ passport data
Financial, transaction information was not obtained by hackers
A HACKING group that targeted Christie’s stole information – including names, dates of birth and passport numbers – that customers provided to the auction house to verify their identities, according to a memo sent to customers.
The attackers also accessed some customers’ genders and birthplaces from passport information that Christie’s had used for ID checks, according to the memo, which was reviewed by Bloomberg News. Data obtained from driver’s licences and other forms of ID included full names and dates of birth, according to the memo, which is dated May 30.
The hackers did not access copies of the identification documents, the memo said.
The attackers also did not obtain ID photographs, signatures, email addresses or phone numbers, according to the memo. Nor did they compromise financial data such as bank accounts and credit card numbers or information related to Christie’s transactions, according to the memo.
A Christie’s spokesperson confirmed the memo’s veracity. The auction house has begun notifying affected clients and has set up dedicated telephone hot lines and email, the spokesperson said.
In a post on the dark web, the cybercriminal group RansomHub claimed responsibility for the attack. The gang claimed it gained access to personal information about Christie’s wealthy clients, publishing a “sample” of the data with a few names, nationalities and birth date. RansomHub included a countdown clock in the post, suggesting they would publish the entire trove of data in early June unless Christie’s paid an extortion fee.
A NEWSLETTER FOR YOU
Friday, 2 pm
Lifestyle
Our picks of the latest dining, travel and leisure options to treat yourself.
The group’s claims, and the sample data it posted, couldn’t be verified.
That RansomHub still has a countdown clock ticking towards when the group says it will publish client data indicates the auction house didn’t pay a ransom, according to Brett Callow, a threat researcher at the cybersecurity firm Emsisoft. He said the type of data taken in this instance gives the hackers little leverage.
“That is the information that would have been found in the phone book in previous years,” Callow said. “More than anything this incident is embarrassing to Christie’s”
But Callow also warned that many breached companies have been wrong in their initial assessments of what types of data was taken, and that getting conclusive answers can be a “long complex process” that takes months.
The auction house was forced to take down its website on May nine following the attack, which occurred on the eve of watch auctions in Geneva and days before Christie’s began important auctions in New York.
Christie’s managed to sell US$115 million in art in a single evening earlier this month, in spite of the attack. In total, its May marquee week sales yielded US$640 million. BLOOMBERG
Share with us your feedback on BT's products and services
