A hacker group known as RansomHub claimed responsibility for the attack that struck Christie's website a few days before its highly anticipated spring sales started.
Due to the attack, the auction house closed its website for ten days, including a crucial sales week.
On Monday, May 20, the group claimed in a post on the dark web that it gained access to private information about the richest art collectors in the world, posting only a few examples of names and birthdays.
Although it could not immediately confirm RansomHub's claims, several cybersecurity experts said the claims were credible and were a known ransomware campaign.
It was unclear if the hackers had accessed any other private data, such as client addresses or financial information. The group vowed to publicize the data and establish a countdown timer that would end on Friday, May 31.
A spokesman at Christie's said that their investigations determined there was unauthorized access by a third party to parts of Christie's network.
According to the spokesperson Edward Lewine, the investigations "also determined that the group behind the incident took some limited personal data relating to some of our clients."
He added that there is no evidence that any financial or transactional records were compromised.
The hackers said that Christie's did not provide the requested ransom.
"We attempted to come to a reasonable resolution with them, but they ceased communication midway through," the hackers wrote in their dark web post, which was reviewed by a New York Times reporter. "It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients."
Brett Callow, a threat analyst with the cybersecurity company Emsisoft, claimed they know that Christie's had an incident, and a known ransomware operation has now claimed responsibility.
Callow noted that there is no real reason to doubt the claims.
Furthermore, the company described the hack as a "technology security incident."
