Christie’s confirms breach after RansomHub threatens to leak information

Christie’s confirmed that it suffered a safety incident earlier this month after the RansomHub extortion gang claimed duty and threatened to leak stolen information.

Christie’s is a distinguished public sale home with a historical past spanning 2.5 centuries. It operates in 46 international locations and specializes in promoting artwork, luxurious objects, and high-valued collectibles.

Christie’s has dealt with quite a few notable auctions reminiscent of Leonardo da Vinci’s Salvator Mundi for $450 million in 2017, the Yves Saint Laurent and Pierre Bergé assortment for 370 million euros in 2009, and Paul Allen’s artwork assortment that surpassed $1.5 billion in 2022.

Yesterday, the RansomHub ransomware group added Christie’s on its extortion web page on the darkish net, claiming it had breached the corporate and stole delicate shopper information.

A Christie’s spokesperson confirmed to BleepingComputer that the corporate had suffered an information breach that impacted some shoppers.

“Earlier this month Christie’s experienced a technology security incident. We took swift action to protect our systems, including taking our website offline,” confirmed the spokesperson.

“Our investigations determined there was unauthorized access by a third party to parts of Christie’s network.”

“They also determined that the group behind the incident took some limited amount of personal data relating to some of our clients.”

The spokesperson famous that there is no such thing as a proof that any monetary or transactional data had been compromised as a result of this incident.

Christie’s says it’s notifying privateness regulators and authorities businesses and also will inform all affected shoppers via customized communication.

RansomHub extortion

RansomHub listed Christie’s on its extortion portal, giving the corporate just a little over 5 days on the time of writing, earlier than they leak the corporate’s stolen information.

RansomHub is a comparatively new extortion group that calls for ransom cost from victims in alternate for not publishing and deleting information stolen in assaults.

Mockingly sufficient, the menace actors typically public sale the stolen recordsdata, sharing them solely with the very best bidder.

The cybercriminals declare to carry the complete names, bodily addresses, ID doc particulars, and numerous different delicate info of 500,000 Christie’s shoppers.

Apparently, RansomHub makes use of popularity loss and heavy GDPR fines as a lever of strain in its announcement of Christie’s.

The attackers additionally allege that they tried to barter a decision with the public sale home, however the former deserted the hassle halfway.

Whereas many take into account RansomHub to be a ransomware gang, no encryptor has been discovered for the operation, indicating that they at present solely conduct information theft assaults or accomplice with different menace actors to assist extort firms.

This was seen after the latest Change Healthcare/United Well being ransomware assault when RansomHub’s website was used to leak samples of recordsdata stolen by a BlackCat ransomware affiliate, making an attempt to extort the American healthcare big.