Auction house Christie’s disclosed a data breach after the ransomware group RansomHub threatened to leak stolen data. The security breach occurred earlier this month.
The website of the auction house was unreachable after the attack.
According to BBC, Christie had problems in selling art and other high-value items worth an estimated $840 million due to a cyberattack. The spring auctions include a Vincent van Gogh painting valued at $35 million and rare wine, among other lots.
Some sales have been delayed due to the cyber attack.
RansomHub claimed responsibility for the attack and added the company to its Tor leak site. The extortion group said they had stolen 2GB of sensitive information, including personal information belonging to at least 500,000 Christie’s clients.
“While utilizing access to Christies network we were able to gain access to their customers sensitive personal information including [BirthPlace MRZFull DocumentNumber BirthDate ExpiryDate FirstName LastName IssueDate IssuingAuthority Sex DocumentCategory DocumentType NationalityName] as well as address, hieght, race and much more sensitive information for at least 500,000 of their private clients from all over the world.” states the group.
The group is threatening to leak the stolen data if the victim will not pay the ransom by Sunday, June 2,024.
The gang said it has attempted to negotiate the payment with the auction house without success. The gang added that after they will post stolen data, Christie will incur heavy fines from GDPR.
“Earlier this month Christie’s experienced a technology security incident. We took swift action to protect our systems, including taking our website offline” “Our investigations determined there was unauthorized access by a third party to parts of Christie’s network.” a company spokesman told BleepingComputer. “They also determined that the group behind the incident took some limited amount of personal data relating to some of our clients.”
The auction house is notifying privacy regulators and law enforcement, it is also going to inform impacted clients.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)