The hacker group RansomHub has announced plans to auction off client data stolen from Christie’s. RansonHub had a cyberattack on the auction house’s network last month. The attack compromised the personal information of over 500,000 clients globally. Initially, RansomHub attempted to extort Christie’s for an undisclosed sum of money. However, with the failure of their extortion attempt, the group decided to proceed with selling the stolen data through an auction.
Threat analyst Brett Callow of the New Zealand-based cybersecurity software firm Emsisoft, said that the hacker group has shifted tactics according to a screenshot taken from X. The group announced it will offer the stolen data in a one-time auction, encouraging potential buyers to “find something [they] like in the sample” of available client information posted as evidence of the breach.
Christie’s representative, Jessica Stanley, stated that investigations into the cyberattack revealed RansomHub accessed client names and, for some clients, took additional personal identity information. Christie’s asserts that there is no evidence to suggest that financial or transactional records were compromised for any clients during the attack.
“The personal identity data was obtained from identification documents such as passports and driver’s licenses, which were provided during client ID checks that Christie’s is required to keep for compliance purposes,” Christie’s statement explained. “No ID photographs, signatures, email addresses, or phone numbers were collected.”
Regardless, the auction house has informed all affected clients of the breach, “consistent with all appropriate GDPR, Federal, State, and other applicable regulations,” and has also notified both the FBI and the British police.