The hacker group RansomHub has claimed responsibility for a cyberattack on the website of Christie’s and is threatening to release “sensitive personal information” about its clients.
The attack earlier this month forced the auction house to take down its main website on May 9th, after which it remained offline for 10 days, including during its marquee slate of spring sales.
According to the New York Times, RansomHub posted on the dark web this Monday saying that it had gained access to sensitive information about the world’s wealthiest art collectors and posted “a few examples of names and birthdays.” While the Times was not able to verify the group’s claims, several cybersecurity experts said that they are a known ransomware operation and that their claims are plausible. Ransomhub also said that it would release the data at the end of May and that Christie’s had failed to pay a ransom when one was initially demanded.
“We attempted to come to a reasonable resolution with them but they ceased communication midway through,” the hackers wrote in their dark web post, which was reported by the New York Times.
In a statement to Artsy, a spokesperson for Christie’s confirmed that the auction house experienced a “technology security incident” earlier this month and took “swift action” to protect its systems, including taking its website offline.
“Our investigations determined there was unauthorized access by a third party to parts of Christie’s network,” said the spokesperson. “They also determined that the group behind the incident took some limited amount of personal data relating to some of our clients. There is no evidence that any financial or transactional records were compromised.”
They added that Christie’s is currently notifying privacy regulators and government agencies. It also noted that it is in the process of “communicating shortly with affected clients.”