Christie's auction house

Update – 06/10: Christie’s has started to issue data breach notifications to 45,798 people (in the US) following the attack. Those affected are being offered free access to CyEx’s Identity Defense Total for a year. This will alert customers to any changes on their Experian, Equifax, and TransUnion credit files. We recommend using this service if you’re among those affected.

Update – 05/28: Christie’s has issued a statement confirming “there was unauthorized access by a third party to parts of Christie’s network” and that a “limited” amount of personal client data was stolen but that there was “no evidence that any financial or transactional records were compromised.”

Just days before it was due to host an $840m (£670m) art auction, world-renowned Christie’s began to experience a “technology security incident.” The outages began around May 9 and continued into the following week.

Today, ransomware group RansomHub has claimed an attack on the organization, allegedly stealing the data of “at least 500,000 of their private clients from all over the world.” Part of the data set is said to include names, dates of birth, ID numbers, and more.

RansomHub’s posting appears to suggest Christie’s entered into some kind of negotiation with the group but that it “ceased communication midway through.”

ransomware attack Christie's auction house

Christie’s has provided little information about the nature of its recent security incident but many have suggested the extended downtime suffered pointed toward a ransomware-style attack. Comparitech has contacted Christie’s for a comment regarding the incident and RansomHub’s claims and will update this article if we receive one.

In the meantime, we highly recommended Christie’s clients and employees remain on high alert for any potential phishing calls, texts, or emails. Monitoring accounts for any unusual activity is also advisable.

Who is RansomHub?

RansomHub is a new ransomware group thought to have ties with Russia. It posted its first victim in February 2024 and since then we have tracked 71 attacks via this group. 66 of these attacks remain unconfirmed with five being confirmed.

Its recent claims include the Hong Kong College of Technology affecting 8,100 people and UK-based NRS Healthcare.

Most notable, however, was RansomHub’s recent claim that it was in possession of the data stolen in the Change Healthcare attack. The group’s extortion came after Change Healthcare had already paid a $22 million ransom to ALPHV/BlackCat.

In the case of Christie’s, RansomHub is following a double-extortion technique by demanding a ransom for a decryption key to unlock the company’s systems and one for deleting all of the stolen data.

About Christie’s

Based in London, Christie’s is a world-famous auction house that was first established in 1766. It specializes in art and luxury goods and has been home to a number of record-breaking auctions, including the Paul G. Allen collection which exceeded $1.5 billion.