Auction company Christie’s forced to confirm RansomHub attack

May 30, 2024

Christie’s confirmed that it suffered a cybersecurity breach earlier this month, after the RansomHub extortion group claimed responsibility and threatened to expose stolen data. Christie’s is an auction company with a presence in 46 countries that specialises in selling art, luxury objects, and high-value collectables.

Earlier this week, the RansomHub ransomware organisation listed Christie’s on its dark web extortion page, saying it had infiltrated the company and stolen critical client data. The company’s initial investigation, for its part, uncovered unauthorised access by a third party that navigated some parts of Christie’s network.

The investigation also determined that the threat group behind the campaign took a limited amount of personal data belonging to some of the company’s clients. However, a company representative insisted that they have yet to find evidence that the incident compromised any financial or transactional records.

The company has informed privacy regulators and government organisations about the incident and will notify all affected clients via individualised communication.

 

The auction company became one of the victims posted on the RansomHub group’s extortion site.

 

RansomHub posted Christie’s on its extortion portal, warning the company that it had a little over a week before the group exposed the stolen data. RansomHub is a relatively new extortion group that demands ransom payments from victims in exchange for not publishing, or for deleting, material acquired during attacks.

These fraudsters claim they currently hold the full names, physical addresses, ID document details, and various other sensitive information belonging to 500,000 Christie’s clients.

The attackers also said they sought to negotiate a settlement with the auction company, but Christie’s allegedly stopped communicating with them during the negotiation process.

While many classify RansomHub as a ransomware group, researchers have yet to find encryptors used by the group in its operations. Hence, the group presently performs only data theft attacks or collaborates with other threat actors to extort businesses.

Clients potentially affected by these extortion attempts should be wary of further threats. These threat actors could already have given the stolen data to other groups without having obtained what they wanted from these activities.
