Hacker Outfit RansomHub Claims Credit for Christie’s Auction Week ‘Technology Security Issue’

RansomHub, a group of cyber-extortionists who hacked the UnitedHealth subsidiary Change Healthcare in February, has claimed responsibility for hacking Christie’s website earlier this month on the eve of the season’s marquee auction sales in New York. As a result of the attack, the auction house shut down its web site for ten days, including the entirety of the critical sales week.

According to sources on Twitter, including @DarkWebInformer and a threat analyst for the New Zealand-based cybersecurity firm Emsisoft, Brett Callow, RansomHub has said it has information about more than 500,000 of Christie’s private clients. An image containing a sample of the information RansomHub claims it was able to gain access to during the hack was posted to the dark web along with a message saying that the hackers “attempted to come to a reasonable resolution” with Christie’s, but the auction house cut off communication halfway through negotiations. 

“It is clear that if this information is posted they will incur heavy fines from the violation of GDPR as well as ruining their reputation with their clients and don’t care about their privacy,” the group apparently wrote in the message.

GDPR refers to the European General Data Protection Regulation, a law in the European Union that governs the way in which personal data can be used, processed, and stored.

Following the hack, Christie’s referred to the incident as a “technology security issue.” At the time the auction house released a statement saying “Christie’s confirms that a technology security issue has impacted some of our systems, including our website. We are taking all necessary steps to manage this matter, with the engagement of a team of additional technology experts. We regret any inconvenience to our clients and our priority is to minimize any further disruption. We will provide further updates to our clients as appropriate.”

With the website still down just hours before the first sale of the season on May 14, collectors and art advisors worried that the attack would disrupt the what is arguably the most important season for the art market, especially since there was hope that the May sales would shed some light on an abnormally murky market following years of low interest rates and manic buying from the collector class.

Christie’s managed to cobble together a website and successfully navigated the New York sales, raking in $114.7 million for the Rosa de la Cruz and 21st Century sales and $413 million during its 20th Century Evening sale.

Will that be enough to pay off RansomHub? Will they even bother? It is not yet clear what data RansomHub gained access to, with Nimrod Kamer, a writer for Interview Magazine, arguing that it appears they only gained access to client ID and address information, not financial data.