RansomHub, a group of cyber-extortionists who hacked the UnitedHealth Group subsidiary Change Healthcare in February, has claimed responsibility for hacking Christie’s website earlier this month on the eve of the season’s marquee auction sales in New York. As a result of the attack, the auction house shut down its website for 10 days, including the entirety of the critical sales week.
According to sources on Twitter, including @DarkWebInformer and a threat analyst for the New Zealand–based cybersecurity firm Emsisoft, Brett Callow, RansomHub has said it has information about more than 500,000 of Christie’s private clients. An image containing a sample of the information to which RansomHub claims it was able to gain access during the hack was posted to the dark web along with a message saying that the hackers “attempted to come to a reasonable resolution” with Christie’s, but the auction house cut off communication halfway through negotiations.
“It is clear that if this information is posted they will incur heavy fines from the violation of GDPR as well as ruining their reputation with their clients and don’t care about their privacy,” the group apparently wrote in the message.
GDPR refers to the European General Data Protection Regulation, a law in the European Union that governs how personal data can be used, processed, and stored.
Following the hack, Christie’s referred to the incident as a “technology security issue.” At the time the auction house released a statement saying “Christie’s confirms that a technology security issue has impacted some of our systems, including our website. We are taking all necessary steps to manage this matter, with the engagement of a team of additional technology experts. We regret any inconvenience to our clients and our priority is to minimize any further disruption. We will provide further updates to our clients as appropriate.”
With the website still down just hours before the season’s first sale on May 14, collectors and art advisers worried that the attack would disrupt what is arguably the most important season for the art market, especially since there was hope that the May sales would shed some light on an abnormally murky market following years of low interest rates and manic buying from the collector class.
Christie’s managed to cobble together a website and successfully navigate the New York sales, raking in $114.7 million for the Rosa de la Cruz and 21st Century sales and $413 million during its 20th Century Evening sale.
Will that be enough to pay off RansomHub? Will they even bother? It is not yet clear to what data RansomHub gained access, with Nimrod Kamer, a writer for Interview Magazine, arguing that it appears they gained access only to client ID and address information, not financial data.
In a statement, Christie’s spokesperson Edward Lewine said “our investigations determined there was unauthorized access by a third party to parts of Christie’s network,” adding that the hacker group gained “some limited amount of personal data” on certain clients, but that it had no evidence of “financial or transactional records” being compromised.