June 11, 2024 By Jonathan Reed 3 min read

Christie’s, one of the world’s leading auction houses, was hacked in May, and the cyber group RansomHub has claimed responsibility. On May 12, Christie’s CEO Guillaume Cerutti announced on LinkedIn that the company had “experienced a technology security incident.”

RansomHub threatened to leak “sensitive personal information” from exfiltrated ID document data, including names, dates of birth and nationalities. On the group’s dark website, RansomHub claims to possess 2GB of data on “at least 500,000” Christie’s clients from around the world.

RansomHub then set a deadline for Christie’s to pay an unspecified ransom amount. But the cyber group said that the auction house “ceased communication midway through” negotiations. So RansomHub held its own auction and sold the stolen data to an anonymous third party for an undisclosed sum.

Cyberattacks involving stolen personal data are by no means new, but Christie’s high-level clientele makes this incident stand out among others.

High-level client list at risk

The recent Christie’s attack brings to mind a past incident involving a multinational hotel chain. In 2018, the hotel chain informed customers of a data breach resulting in the possible disclosure of 500 million guests’ personal records, including information such as name, address, phone number, email address, date of birth, credit and debit card details, passport number, gender, arrival and departure information, reservation date and communication preferences stored in the brand’s global guest reservation database.

RansomHub claims it has access to Christie’s client information such as name, birthplace, ID number, birthdate and nationality. Christie’s requires individual buyers and sellers to provide a copy of a government-issued photo ID and proof of residential address according to its FAQ.

While the parallels between the hotel chain and Christie’s incidents are clear, the hotel chain hackers didn’t demand a ransom and none of the millions of valuable records were sold on the dark web; this was not a standard ransomware expedition. According to government sources, the hotel chain hack was part of a larger Chinese operation to collect data on American government employees and intelligence officers.

Read the Definitive Guide to Ransomware

Supercharging identity theft

In the age of AI deepfakes, identity theft reaches levels of trickery that are truly amazing. Not only are deepfake audio and video already being used for fraudulent bank transactions, but fake ID cards are also being made by generative AI. For example, the underground outfit OnlyFake claims that the IDs it produces can bypass KYC (“know your customer”) checks at Binance, Kraken, Bybit, Huobi, Coinbase, OKX and Revolut.

Any victim of personal data theft could have their identity stolen. But incidents like the hotel chain and Christie’s hacks open up entirely unique scenarios. For example, one can imagine fake IDs being created to impersonate high-level government officials for espionage reasons.

High-profile ID theft

Undoubtedly, Christie’s has many high net worth and high profile clients. A deepfake mimicking a celebrity could be used for any number of campaigns, such as false advertisements or endorsements. Stolen personal info could be used to bolster such efforts. Fake IDs might be used to hack bank accounts or set up new accounts in the name of someone who had their personally identifiable information (PII) stolen.

Scammers can even contact cell phone service providers and impersonate a person to request a “port-out” of a phone number to a new SIM card. Meanwhile, SIM jacking scams call a phone provider and convince them to switch the number to a new device.

Once they have a cell phone number, scammers can use it to:

  • Intercept security protocols sent to your phone
  • Access financial and social media accounts
  • Receive and send messages
  • Make calls
  • Intercept one-time passwords (OTPs) used for bank account verification

All these kinds of scams are easier to execute with stolen personal data and AI-enhanced impersonation. Then, the contagion can spread. If a famous person gets a phone call or text from their famous friend (actually an imposter), social engineering attacks might occur among the rich, powerful and famous. The reality? Famous people have been having their identities hacked for years.

More from News

CISA launches portal to simplify cyber incident reporting

2 min read - Information sharing just got more efficient. In August, the Cybersecurity and Infrastructure Security Agency (CISA) launched the CISA Services Portal. “The new CISA Services Portal improves the reporting process and offers more features for our voluntary reporters. We ask organizations reporting an incident to provide information on the impacted entity, contact information, description of the incident, technical indications and steps taken,” a CISA spokesperson said in an email statement. “Reported incidents enable CISA and our partners to help victims mitigate…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Are new gen AI tools putting your business at additional risk?

3 min read - If you're wondering whether new generative artificial intelligence (gen AI) tools are putting your business at risk, the answer is: Probably. Even more so with the increased use of AI tools in the workplace. A recent Deloitte study found more than 60% of knowledge workers use AI tools at work. While the tools bring many benefits, especially improved productivity, experts agree they add more risk. According to the NSA Cybersecurity Director Dave Luber, AI brings unprecedented opportunities while also presenting…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today