The Information Highway

The Information Highway

Font size: +
3 minutes reading time (504 words)

Christie's starts notifying clients of RansomHub data breach

British auction house Christie's is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach.

Christie's discovered that it was the victim of a security breach that affected some of its systems on May 9, 2024. After becoming aware of the event, Christie's took measures to secure its network and hired external cybersecurity experts to help investigate the incident's impact.

The auction house says it also notified law enforcement and is now working to support their investigation. 

While analyzing the breach, Christie's found that a threat actor who breached its systems accessed and extracted customer files between May 8 and May 9.

Following the investigation, Christie's reviewed the accessed files to identify individuals whose information may have been affected, obtain their contact information, and alert them of the incident after completing the review on May 30.

The data breach notification letters sent to affected individuals state that the auction house is "not aware of any attempts to misuse your information as a result of this incident."

"We took additional steps to secure our systems and continue to evaluate technical and organizational measures to avoid the reoccurrence of a similar incident," Christie's added [PDF].

The auction house is also offering impacted people a free twelve-month subscription for the CyEx Identity Defense Total identity theft and fraud monitoring service, which will alert them of changes to their Experian, Equifax, and TransUnion credit files to spot any potentially fraudulent activity on their credit reports.

Claimed by RansomHub

While Christie's didn't name the attackers behind the May breach, the RansomHub gang added the auction house to its dark web leak portal, claiming it had breached its systems and stolen sensitive client data.

The cybercriminals claimed to have exfiltrated the full names, addresses, ID document details, and various other sensitive personal information of at least 500,000 Christie's clients.

Christie's entry on RansomHub's leak site
(BleepingComputer)

RansomHub has since updated the Christie's entry, saying they've sold the stolen data on their own auction platform. 

The day the extortion hub claimed the Christie's breach, a spokesperson reported that attackers had breached the company's network and stole a limited amount of personal data belonging to some of its clients.

The company also says that they found no evidence that any financial or transactional records were compromised during the incident.

RansomHub is a relatively new operation that demands ransom payment from victims in exchange for not leaking files stolen during attacks. If negotiations fail, it often auctions the stolen files exclusively to the highest bidder.

While the ransomware gang was identified as a potential buyer of Knight ransomware source code, they hardly ever encrypt files during their attacks, focusing instead on data-theft-based extortion. 

Recently, RansomHub claimed the breach of leading U.S. telecom provider Frontier Communications, which had to shut down its systems in April to contain a cyberattack. The company warned 750,000 customers this week that their information was exposed in a data breach.

Apple to unveil new 'Passwords' password manager a...
Frontier warns 750,000 of a data breach after exto...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023