After hack, Christie’s gives details of compromised client data

By Zachary Small

The company said in an email to clients that neither their financial data nor any information about their recent sales activity had been exposed in the hack. But it said that some personal data from clients’ identification documents had been compromised. — Unsplash

Auction house Christie’s said on May 30 that it had alerted the FBI and the British police about the cyberattack that hobbled its website earlier this month, and began telling clients what types of personal data had been compromised.

The company said in an email to clients that neither their financial data nor any information about their recent sales activity had been exposed in the hack. But it said that some personal data from clients’ identification documents had been compromised.

“The personal identity data came from identification documents, for example passports and driver's licenses, provided as part of client ID checks, which Christie’s is required to retain for compliance reasons,” Jessica Stanley, a Christie’s spokesperson, said in a statement Thursday morning. “No ID photographs, signatures, email addresses or phone numbers were taken.”

It was the first time that Christie’s officials had detailed to the public what kind of information the hackers might have acquired from its records on some of the world’s richest art collectors. The admission came a few days after a group called RansomHub took responsibility for the cyberattack and threatened to release its findings on nearly 500,000 clients of the company.

Previously, the auction house referred to the cyberattack as a “technology security incident” and attempted to calm anxious bidders with a temporary website despite serious concerns among some employees.

The company’s efforts to downplay the importance of the cyberattack were largely successful with bidders. Its marquee spring auctions, which got underway shortly after the hack, netted sales worth US$528mil (RM2.48bil).

RansomHub, which took responsibility for the Christie’s hack, wrote on the dark web that “we attempted to come to a reasonable resolution with them but they ceased communication midway through” and threatened to begin releasing data.

Christie’s said in its email to clients that it had notified the relevant law enforcement authorities in Britain and the United States. Law enforcement officials did not immediately respond to a request for comment.

In its email to clients, Christie’s urged people to check their accounts for any unusual activity and wrote that it would be offering them “complimentary identity theft protection and monitoring services”. – The New York Times

×

Related stories:

Hacking group claims it stole client data from Christie’s

Christie’s postpones Geneva auction after website security issue

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Report it to us.

Next In Tech News
Terraform Labs approved for bankruptcy wind-down after US SEC settlement
New York Times Tech Guild approves strike, CWA union says
Trump Media shares face potential sell-off as insider selling restrictions lift
Airbnb CEO says company focused on boosting long-term stays
Disney to stop using Salesforce-owned Slack after hack exposed company data, WSJ reports
SpaceX 'forcefully rejects' FAA allegation it violated launch requirements
Brazil's top court threatens X with hefty fine for bypassing ban
Amazon adds chatbot for its sellers, boosting automation
Social media users lack control over data used by AI, US FTC says
US-listed crypto stocks jump after bumper rate cut from Fed

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.