Christie's London
Christie's London location. Image: Christie's

RansomHub claims attack on Christie’s, the world’s wealthiest auction house

The criminal group calling itself RansomHub claimed on Monday to have been behind a cyberattack targeting the British auction house Christie’s.

A listing on RansomHub’s darknet extortion site includes what the criminals say are samples of data stolen from Christie’s, the world’s largest auction house by revenue whose clients include some of the world’s wealthiest art collectors.

Earlier this month, the company’s chief executive, Guillaume Cerutti, announced the company had taken its website offline due to what it described as a “technology security incident.”

In another post on LinkedIn on Tuesday, Cerutti said the company’s investigation into the incident “has determined there was unauthorised access by a third party to parts of Christie's network.”

He confirmed “that the group behind the incident took some data from the Christie's network, including a limited amount of personal data relating to some of our clients.”

However, the auction house CEO said there was “no evidence of any financial or transactional data related to our clients or to Christie’s being taken or copied.”

The privately-owned company, which said it made more than $6 billion last year through sales of artworks and luxury goods, previously sold the Leonardo da Vinci painting Salvator Mundi for a world-record price of $450 million to a Saudi prince.

Cerutti said that the company would begin reaching out clients affected by the cyberattack within the next two days.

RansomHub’s threat to publish the stolen data follows the company refusing to negotiate an extortion payment according to the criminals, who claimed that the company would incur fines under data protection laws if no ransom was paid and the criminals published the stolen material online.

In truth the publication of stolen data does not impact the assessment made by privacy regulators in the European Union and United Kingdom about breaches of data protection legislation.

“We are complying with all regulatory and governmental obligations and have made all appropriate notifications to privacy regulators,” wrote Cerutti.

“In the meantime, our auction sales continue to take place as usual, with our website and online capabilities fully and securely functional,” added the Christie’s CEO, noting that a jewels sale had gone ahead in Hong Kong on Monday. 

The ransomware attack on Christie's comes amid a surge of incidents impacting organizations in the United Kingdom, with regulator data showing a record number of attacks reported to the country’s data protection authority in 2023.

Efforts to tackle ransomware attacks in Britain have been delayed by the sudden general election. A planned public consultation on reforming the government’s approach to the ransomware crisis cannot now be held until after the election has concluded.

Parliament’s national security committee last week warned the government that hostile actors could seek to “undermine trust in electoral processes through cyberattacks targeted at our institutions, including ransomware attacks.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.