Auction house Christie's said Thursday it had notified the Federal Bureau of Investigation and British police about the cyberattack that crippled its website earlier this month and had begun informing customers what types of personal information had been compromised.
In an email to customers, the company said no customer financial data or information about recent sales activity was exposed as a result of the hack. However, it said some personal data from customers' identification cards had been compromised.
“Personally identifiable data comes from identity verification documents, such as passports and driver’s licenses, provided as part of customer ID verification, and Christie’s must retain this for compliance purposes,” Christie’s spokeswoman Jessica Stanley said in a statement Thursday morning. revealed. . “No ID photos, signatures, email addresses or phone numbers were taken.”
It was the first time Christie's officials detailed to the public what kind of information the hackers may have obtained from the records of the world's wealthiest art collectors. The admission comes just days after a group called RansomHub took responsibility for the cyberattack and threatened to publicize its findings on the company's nearly half a million customers. Previously, the auction house defined this cyber attack as a “technical security incident” and attempted to calm anxious bidders by setting up a temporary website, despite serious concerns from some employees.
The company's efforts to downplay the significance of the cyberattack have been largely successful for bidders. A major spring auction held immediately after the hack netted $528 million worth of sales.
RansomHub, which was responsible for the Christie hack, wrote on the dark web, “We attempted to reach a reasonable resolution with them, but stopped communicating midway,” and threatened to begin releasing the data.
In an email to customers, Christie's said it had notified relevant law enforcement authorities in the UK and US. Law enforcement officials did not immediately respond to a request for comment.
In an email to customers, Christie's urged people to check their accounts for unusual activity and wrote that it would provide “free identity theft prevention and monitoring services.”