Christie’s, one of the world’s leading auction houses, was hacked in May, and the cyber group RansomHub has claimed responsibility. On May 12, Christie’s CEO Guillaume Cerutti announced on LinkedIn that the company had “experienced a technology security incident.”
RansomHub threatened to leak “sensitive personal information” from exfiltrated ID document data, including names, dates of birth and nationalities. On its dark web site, RansomHub claims to possess 2GB of data on “at least 500,000” Christie’s clients from around the world.
RansomHub then set a deadline for Christie’s to pay an unspecified ransom amount. But the cyber group said that the auction house “ceased communication midway through” negotiations. So RansomHub held its own auction and sold the stolen data to an anonymous third party for an undisclosed sum.
Cyberattacks involving stolen personal data are by no means new, but Christie’s high-level clientele makes this incident stand out among others.
High-level client list at risk
The recent Christie’s attack brings to mind a past incident involving a multinational hotel chain. In 2018, the hotel chain informed customers of a data breach resulting in the possible disclosure of 500 million guests’ personal records, including information such as name, address, phone number, email address, date of birth, credit and debit card details, passport number, gender, arrival and departure information, reservation date and communication preferences stored in the brand’s global guest reservation database.
RansomHub claims it has access to Christie’s client information such as name, birthplace, ID number, birthdate and nationality. Christie’s requires individual buyers and sellers to provide a copy of a government-issued photo ID and proof of residential address according to its FAQ.
While the parallels between the hotel chain and Christie’s incidents are clear, the hotel chain hackers didn’t demand a ransom and none of the millions of valuable records were sold on the dark web; this was not a standard ransomware expedition. According to government sources, the hotel chain hack was part of a larger Chinese operation to collect data on American government employees and intelligence officers.
Supercharging identity theft
In the age of AI deepfakes, identity theft reaches levels of trickery that are truly amazing. Not only are deepfake audio and video already being used for fraudulent bank transactions, but fake ID cards are also being made by generative AI. For example, the underground outfit OnlyFake claims that the IDs it produces can bypass KYC (“know your customer”) checks at Binance, Kraken, Bybit, Huobi, Coinbase, OKX and Revolut.
Any victim of personal data theft could have their identity stolen. But incidents like the hotel chain and Christie’s hacks open up entirely unique scenarios. For example, one can imagine fake IDs being created to impersonate high-level government officials for espionage reasons.
High-profile ID theft
Undoubtedly, Christie’s has many high net worth and high profile clients. A deepfake mimicking a celebrity could be used for any number of campaigns, such as false advertisements or endorsements. Stolen personal info could be used to bolster such efforts. Fake IDs might be used to hack bank accounts or set up new accounts in the name of someone who had their personally identifiable information (PII) stolen.
Scammers can even contact cell phone service providers and impersonate a person to request a “port-out” of a phone number to a new SIM card. Meanwhile, in SIM jacking scams, the scammer calls a phone provider and convinces it to switch the number to a new device.
Once they have a cell phone number, scammers can use it to:
- Intercept security protocols sent to your phone
- Access financial and social media accounts
- Receive and send messages
- Make calls
- Intercept one-time passwords (OTPs) used for bank account verification
All these kinds of scams are easier to execute with stolen personal data and AI-enhanced impersonation. Then, the contagion can spread. If a famous person gets a phone call or text from their famous friend (actually an imposter), social engineering attacks might occur among the rich, powerful and famous. The reality? Famous people have been having their identities hacked for years.