Christie’s given Friday ransom deadline after threat group claims responsibility for cyber attack

Facade of the Christie's auction house's headquarters in Paris.
(Image credit: Getty Images)

The hacker group behind the Christie’s cyber attack earlier this month has threatened to leak sensitive information online if the fine art auctioneer doesn’t meet ransom demands. 

RansomHub, which was recently behind an attack on Change Healthcare, claimed it had gained access to company data in a post to the dark web on Monday.

The group said it’s in possession of personal information belonging to the auctioneer’s clients, and published sample data that included names, dates of birth, and nationalities.

Christie’s now has until Friday 31 May to comply with the group’s demands, or else the full stolen dataset will be leaked online.

The organization first revealed it had suffered a technology issue in early May which affected some systems and forced its website offline. The incident occurred just days before a series of major auctions, which were expected to net the firm more than $800 million.

A spokesperson told the New York Times that a subsequent investigation revealed there was “unauthorized access by a third party to parts of Christie’s network”.

This investigation also determined that the group behind the attack “took some limited amount of personal data” relating to clients.

The company insisted that no financial or transactional records were compromised in the attack.

Christie’s rejected RansomHub’s initial demands

It is believed that RansomHub tried to negotiate a ransom with the auctioneer firm, with a statement on the group’s dark web site noting that it had “attempted to come to a reasonable resolution”. 

Christie’s “ceased communication” midway through the discussion, according to RansomHub.

“It is clear that if this information is posed they will incur heavy fines from GDPR as well as ruining their reputation with their clients,” the group said.

Darren Williams, CEO and founder of cyber security firm BlackFog, said the company now faces a challenging decision ahead of the deadline.


A whitepaper from ServiceNow on steps to a stronger security posture through automation, with image of businessman

(Image credit: ServiceNow)

Strengthen your cyber resilience

“The clock is ticking for Christie's Art House, who have a major decision to make now that criminal gang RansomHub has implemented a payment deadline,” he said.

“The ‘to pay or not to pay’ dilemma is a serious issue for all types of organizations who are facing a rising wave of ransomware attacks. High profile organizations such as Christie’s, which sells high-value items upwards of £600 million, will always be on the radar or cyber attackers looking for a quick win with large financial gain.”

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.