The hacker group RansomHub says it will auction off Christie’s client data after its cyberattack on the auction house’s network last month. The group had originally attempted to extort Christie’s out of an undisclosed monetary amount after claiming responsibility for the attack, stating that it had obtained personal information from over 500,000 clients around the world.
Per a screenshot of the dark web post shared on X by threat analyst Brett Callow of the New Zealand-based cybersecurity software firm Emsisoft, RansomHub has now shifted tactics, announcing that it will be offering up the data in a one-time auction and encouraging potential buyers to “find something [they] like in the sample” of available client information it had posted as evidence of the breach.
So, what kind of information is up for grabs?
Not much, at least according to Jessica Stanley, a representative for Christie’s who shared a statement on behalf of the auction house with Hyperallergic. Investigations into the cyberattack revealed that RansomHub “accessed client names and, for a subset of clients, took some other personal identity information.” Christie’s maintains that there is no evidence that financial or transactional records were compromised for any clients during the attack.
“The personal identity data came from identification documents, for example passports and driving licenses, provided as part of client ID checks, which Christie’s is required to retain for compliance reasons,” Christie’s statement noted. “No ID photographs, signatures, email addresses or phone numbers were taken.”
Regardless, the auction house has informed all affected clients of the breach, “consistent with all appropriate GDPR, Federal, State and other applicable regulations,” and has also notified both the FBI and the British police.
This cybersecurity attack doesn’t appear to be all that fruitful, considering that the auction house evidently didn’t pay up and it’s not likely that many nefarious actors off the ~dark web~ are lining up to purchase access to people’s … names, sex, and nationalities. Though, if attention was all the group was after … Hook, line, and sinker!
Nevertheless, it seems like Christie’s decided that its money was better spent elsewhere as the auction house is offering impacted clients Identity Monitoring Services at no cost for one year.
Is there a lesson to be learned here? We’re not sure, but if we squint really hard, we might see some phishing scams emerging on the horizon. Maybe the rich weren’t eaten this time around, but there’s definitely room for an opportunistic artist to turn this short-lived drama into something worth auctioning off.
