Christie's Auction House Faces Cyberattack by RansomHub Linked to Russia

London-based auction house Christie's fell victim to a cyberattack orchestrated by the group RansomHub, reportedly connected to Russia, resulting in a ten-day website shutdown and threats of client data release. The hackers demanded ransom and claimed possession of sensitive personal information of 500,000 clients. While auction catalogues were moved to a separate site, auction transactions remained secure amid investigations and notifications to regulators and affected parties.

London-based auction house Christie's experienced a cyberattack by the group RansomHub, reportedly linked to Russia, earlier this month. The hackers claimed responsibility on May 9, forcing Christie's to take down its website for ten days ahead of a major auction in New York. RansomHub threatened to release personal data of around 500,000 clients unless their demands were met. Auction catalogues were consequently posted on a separate site, while auction transactions remained secure.

RansomHub warned in a dark web post that they possess sensitive information, including full names, places and dates of birth, sex, and nationality. Christie's acknowledged unauthorized third-party access but stated there was no evidence that financial or transactional records were compromised. They are currently notifying privacy regulators, government agencies, and affected clients.

This incident follows the recent identification of Dmitry Yuryevich Khoroshev by the National Crime Agency as the mastermind behind the ransomware group Lockbit, also linked to Russia. Khoroshev, now sanctioned by the UK, US, and Australia, has been tied to high-profile cyber attacks including those on Royal Mail and Boeing.