After hack, Christie’s gives details of compromised client data


The company said in an email to clients that neither their financial data nor any information about their recent sales activity had been exposed in the hack. But it said that some personal data from clients’ identification documents had been compromised. — Unsplash

Auction house Christie’s said on May 30 that it had alerted the FBI and the British police about the cyberattack that hobbled its website earlier this month, and began telling clients what types of personal data had been compromised.

The company said in an email to clients that neither their financial data nor any information about their recent sales activity had been exposed in the hack. But it said that some personal data from clients’ identification documents had been compromised.

“The personal identity data came from identification documents, for example passports and driver's licenses, provided as part of client ID checks, which Christie’s is required to retain for compliance reasons,” Jessica Stanley, a Christie’s spokesperson, said in a statement Thursday morning. “No ID photographs, signatures, email addresses or phone numbers were taken.”

It was the first time that Christie’s officials had detailed to the public what kind of information the hackers might have acquired from its records on some of the world’s richest art collectors. The admission came a few days after a group called RansomHub took responsibility for the cyberattack and threatened to release its findings on nearly 500,000 clients of the company.

Previously, the auction house referred to the cyberattack as a “technology security incident” and attempted to calm anxious bidders with a temporary website despite serious concerns among some employees.

The company’s efforts to downplay the importance of the cyberattack were largely successful with bidders. Its marquee spring auctions, which got underway shortly after the hack, netted sales worth US$528mil (RM2.48bil).

RansomHub, which took responsibility for the Christie’s hack, wrote on the dark web that “we attempted to come to a reasonable resolution with them but they ceased communication midway through” and threatened to begin releasing data.

Christie’s said in its email to clients that it had notified the relevant law enforcement authorities in Britain and the United States. Law enforcement officials did not immediately respond to a request for comment.

In its email to clients, Christie’s urged people to check their accounts for any unusual activity and wrote that it would be offering them “complimentary identity theft protection and monitoring services”. – The New York Times

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Next In Tech News

Taiwan's science ministry warns spending cuts could hit chips, AI funding
How they celebrated the holidays 250 miles above Earth
The speed of human thought lags far behind your Internet connection, study finds
The tale of 'Shatter Special', the world's first fully computerised comic book
Opinion: Read your messages closely and don’t click those links
Trump’s 'Made in USA' bitcoin is promise impossible to keep
Why Taiwan’s Foxconn, an iPhone supplier, is investing in Texas and Thailand
Elon Musk’s go-to cost-cutter is working for DOGE
US man used fake Instagram profiles to trick kids for nude images, videos
Japan Air resumes ticket sales after overcoming cyberattack

Others Also Read