After a week of public threats, hackers didn’t release a large trove of client data belonging to Christie’s auction house on their dark web site.
On May 27, a group known as RansomHub claimed responsibility for a cyberattack that hit the auction house earlier that month. They posted a countdown clock on the dark web along with a message suggesting they’d release client data, including names and passport details, on Monday morning.
Three days later, RansomHub appeared to change tactics, offering the data for auction on an update on its dark web site. It’s not clear what become of that effort.
The criminal group had said that Christie’s had ceased communications after they had attempted to reach a “reasonable resolution.” A Christie’s spokesperson didn’t immediately respond to a request for comment.
The auction house, meanwhile, sent a notice to clients affected by the breach, emphasizing that while passport information was indeed compromised, contact details, financial data, and most importantly, transaction-related information hadn’t been exposed.
“Please rest assured we are treating this incident with the utmost seriousness,” the auction house wrote in a note to clients that was reviewed by Bloomberg. “We have proactively informed the relevant authorities, which include the U.K. police (via ActionFraud) and the FBI, as well as relevant data protection regulators globally, where required.”
While Christie’s was forced to deal with the immediate aftermath of the cyberattack, which included voluntarily taking down its website just days before its massive New York auctions, the damage to the company appeared to be limited.
This article was provided by Bloomberg News.