June 11, 2024 By Jonathan Reed 3 min read

Christie’s, one of the world’s leading auction houses, was hacked in May, and the cyber group RansomHub has claimed responsibility. On May 12, Christie’s CEO Guillaume Cerutti announced on LinkedIn that the company had “experienced a technology security incident.”

RansomHub threatened to leak “sensitive personal information” from exfiltrated ID document data, including names, dates of birth and nationalities. On the group’s dark website, RansomHub claims to possess 2GB of data on “at least 500,000” Christie’s clients from around the world.

RansomHub then set a deadline for Christie’s to pay an unspecified ransom amount. But the cyber group said that the auction house “ceased communication midway through” negotiations. So RansomHub held its own auction and sold the stolen data to an anonymous third party for an undisclosed sum.

Cyberattacks involving stolen personal data are by no means new, but Christie’s high-level clientele makes this incident stand out among others.

High-level client list at risk

The recent Christie’s attack brings to mind a past incident involving a multinational hotel chain. In 2018, the hotel chain informed customers of a data breach resulting in the possible disclosure of 500 million guests’ personal records, including information such as name, address, phone number, email address, date of birth, credit and debit card details, passport number, gender, arrival and departure information, reservation date and communication preferences stored in the brand’s global guest reservation database.

RansomHub claims it has access to Christie’s client information such as name, birthplace, ID number, birthdate and nationality. Christie’s requires individual buyers and sellers to provide a copy of a government-issued photo ID and proof of residential address according to its FAQ.

While the parallels between the hotel chain and Christie’s incidents are clear, the hotel chain hackers didn’t demand a ransom and none of the millions of valuable records were sold on the dark web; this was not a standard ransomware expedition. According to government sources, the hotel chain hack was part of a larger Chinese operation to collect data on American government employees and intelligence officers.

Read the Definitive Guide to Ransomware

Supercharging identity theft

In the age of AI deepfakes, identity theft reaches levels of trickery that are truly amazing. Not only are deepfake audio and video already being used for fraudulent bank transactions, but fake ID cards are also being made by generative AI. For example, the underground outfit OnlyFake claims that the IDs it produces can bypass KYC (“know your customer”) checks at Binance, Kraken, Bybit, Huobi, Coinbase, OKX and Revolut.

Any victim of personal data theft could have their identity stolen. But incidents like the hotel chain and Christie’s hacks open up entirely unique scenarios. For example, one can imagine fake IDs being created to impersonate high-level government officials for espionage reasons.

High-profile ID theft

Undoubtedly, Christie’s has many high net worth and high profile clients. A deepfake mimicking a celebrity could be used for any number of campaigns, such as false advertisements or endorsements. Stolen personal info could be used to bolster such efforts. Fake IDs might be used to hack bank accounts or set up new accounts in the name of someone who had their personally identifiable information (PII) stolen.

Scammers can even contact cell phone service providers and impersonate a person to request a “port-out” of a phone number to a new SIM card. Meanwhile, SIM jacking scams call a phone provider and convince them to switch the number to a new device.

Once they have a cell phone number, scammers can use it to:

  • Intercept security protocols sent to your phone
  • Access financial and social media accounts
  • Receive and send messages
  • Make calls
  • Intercept one-time passwords (OTPs) used for bank account verification

All these kinds of scams are easier to execute with stolen personal data and AI-enhanced impersonation. Then, the contagion can spread. If a famous person gets a phone call or text from their famous friend (actually an imposter), social engineering attacks might occur among the rich, powerful and famous. The reality? Famous people have been having their identities hacked for years.

More from News

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Should there be a total ban on ransomware payments?

3 min read - The debate about the United States government banning companies from making ransomware payments is back in the headlines. Recently, the Ransomware Task Force for the Institute for Security and Technology released a memo on the topic. The task force stated that making a ban on ransomware payments in the U.S. at the current time will worsen the harm to victims, society and the economy. Additionally, small businesses cannot withstand a lengthy business disruption and might go out of business after…

5 takeaways from the White House cybersecurity workforce discussion

3 min read - The Office of the National Cyber Director (ONCD) recently hosted a 3-hour discussion on creating a strong cybersecurity workforce; the results are enlightening. The session involved representatives from more than 30 public and private organizations spanning 12 industries. The ONCD advises the United States President on cybersecurity policy and strategy. Its mission is to advance national security, economic prosperity and technological innovation through cybersecurity policy leadership. “In our increasingly digital world, where cyber threats are growing more frequent and more…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today