International auctioning giant Christie's has confirmed data was stolen during an online attack after a top-three ransomware group claimed credit.The revelation follows an incident from earlier in May that forced the auction house's online bidding system offline, an event which the company said at the time was due to a"technology security issue."
"Christie's is currently notifying privacy regulators, government agencies as well as in the process of communicating shortly with affected clients." As ever with such claims, they always have to be taken with a pinch of salt, given that they're coming from criminals. RansomHub claimed it was able to extract personal data belonging to"at least 500,000" Christie's clients, including full names, addresses, the machine-readable zones of identity documents, heights, races, sexes, and more.
However, if RansomHub's boasts are true, Christie's has seemingly refused to pay up until now and as ESET's global cybersecurity advisor Jake Moore says, events such as the"With a sizable chunk of sensitive data being placed on the internet to prove the attackers mean business, Christie's are playing hardball by not immediately paying the ransom – a route more and more companies are choosing to go down," he said.