Christie’s confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data.
Christie’s is a prominent auction house with a history spanning 2.5 centuries. It operates in 46 countries and specializes in selling art, luxury items, and high-valued collectibles.
Christie’s has handled numerous notable auctions, such as Leonardo da Vinci’s Salvator Mundi for $450 million in 2017, the Yves Saint Laurent and Pierre Bergé collection for 370 million euros in 2009, and Paul Allen’s art collection, which surpassed $1.5 billion in 2022.
Yesterday, the RansomHub ransomware group added Christie’s to its extortion page on the dark web, claiming it had breached the company and stolen sensitive client data.
A Christie’s spokesperson confirmed to BleepingComputer that the company had suffered a data breach that impacted some clients.
“Earlier this month Christie’s experienced a technology security incident. We took swift action to protect our systems, including taking our website offline,” confirmed the spokesperson.
“Our investigations determined there was unauthorized access by a third party to parts of Christie’s network.”
“They also determined that the group behind the incident took some limited amount of personal data relating to some of our clients.”
The spokesperson noted that there is no evidence that any financial or transactional data had been compromised due to this incident.
Christie’s says it is notifying privacy regulators and government agencies and will also inform all affected clients through customized communication.
RansomHub extortion
RansomHub listed Christie’s on its extortion portal, giving the company a little over 5 days, at the time of writing, before they leak the company’s stolen data.
RansomHub is a relatively new extortion group that demands ransom payment from victims in exchange for not publishing and deleting data stolen in attacks.
Ironically enough, the threat actors often auction the stolen data, sharing them exclusively with the highest bidder.
The cybercriminals claim to hold the full names, physical addresses, ID document details, and various other sensitive information of 500,000 Christie’s clients.
Interestingly, RansomHub uses reputation loss and heavy GDPR fines as a lever of pressure in its announcement about Christie’s.
The attackers also allege that they tried to negotiate a resolution with the auction house, but the former abandoned the effort midway.
While many consider RansomHub to be a ransomware gang, no encryptor has been found for the operation, indicating that they currently only conduct data theft attacks or partner with other threat actors to help extort companies.
This was seen after the recent Change Healthcare/United Health ransomware attack, when RansomHub’s website was used to leak samples of data stolen by a BlackCat ransomware affiliate, attempting to extort the American healthcare giant.