Christie's confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data.
Christie's is a prominent auction house with a history spanning 2.5 centuries.
Christie's has handled numerous notable auctions such as Leonardo da Vinci's Salvator Mundi for $450 million in 2017, the Yves Saint Laurent and Pierre Bergé collection for 370 million euros in 2009, and Paul Allen's art collection that surpassed $1.5 billion in 2022.
Yesterday, the RansomHub ransomware group added Christie's on its extortion page on the dark web, claiming it had breached the company and stole sensitive client data.
A Christie's spokesperson confirmed to BleepingComputer that the company had suffered a data breach that impacted some clients.
The spokesperson noted that there is no evidence that any financial or transactional records were compromised due to this incident.
Christie's says it is notifying privacy regulators and government agencies and will also inform all affected clients through personalized communication.
RansomHub listed Christie's on its extortion portal, giving the company a little over five days at the time of writing, before they leak the company's stolen data.
RansomHub is a relatively new extortion group that demands ransom payment from victims in exchange for not publishing and deleting data stolen in attacks.
Ironically enough, the threat actors often auction the stolen files, sharing them exclusively with the highest bidder.
The cybercriminals claim to hold the full names, physical addresses, ID document details, and various other sensitive information of 500,000 Christie's clients.
Interestingly, RansomHub uses reputation loss and heavy GDPR fines as a lever of pressure in its announcement of Christie's.
The attackers also allege that they attempted to negotiate a resolution with the auction house, but the former abandoned the effort midway.
While many consider RansomHub to be a ransomware gang, no encryptor has been found for the operation, indicating that they currently only conduct data theft attacks or partner with other threat actors to help extort companies.
This was seen after the recent Change Healthcare/United Health ransomware attack when RansomHub's site was used to leak samples of files stolen by a BlackCat ransomware affiliate, attempting to extort the American healthcare giant.
MediSecure e-script firm hit by 'large-scale' ransomware data breach.
Chipmaker Nexperia confirms breach after ransomware gang leaks data.
Sav-Rx discloses data breach impacting 2.8 million Americans.
Cencora data breach exposes US patient info from 11 drug companies.
OmniVision discloses data breach after 2023 ransomware attack.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 28 May 2024 16:10:12 +0000