Christie's auction house said on Thursday it had informed the FBI and British police about a cyberattack on its website earlier this month and had begun telling customers what types of personal data had been compromised.
The company said in an email to customers that neither their financial data nor any information about recent sales activity was compromised in the hack. But it said some personal data from customers’ ID documents had been compromised.
“This personally identifiable data comes from identification documents provided by clients during identity checks, such as passports and driver's licenses, which Christie's is required to retain for compliance reasons,” Christie's spokeswoman Jessica Stanley said in a statement Thursday morning. “We do not obtain any ID photos, signatures, email addresses or phone numbers.”
It was the first time that Christie’s auction house officials detailed to the public what information hackers may have gained from the company’s records on some of the world’s wealthiest art collectors, days after a group called RansomHub acknowledged the breach. Take responsibility The auction house has previously mentioned Network attacks The company called it a “technical security incident” and tried to reassure anxious bidders with a temporary website, though Serious concerns Among some employees.
The company’s efforts to downplay the significance of the cyberattack were largely accepted by bidders. The company’s major spring auction, which began shortly after the hack, saw net sales of $528 million.
RansomHub, which is responsible for the Christie’s hack, wrote on the dark web: “We tried to reach a reasonable resolution with them, but they stopped communicating halfway through,” and threatened to start publishing the data.
Christie’s said in an email to clients that it had notified relevant law enforcement authorities in the United Kingdom and the United States. Law enforcement officials did not immediately respond to requests for comment.
In an email to clients, Christie's urged people to check their accounts for any unusual activity and wrote that it would provide them with “free identity theft protection and monitoring services.”