Christie’s, the world-famous art auction house, disclosed a major data breach that impacted around 45,798 individuals.
According to the official announcement made by Christie’s, the company recently discovered what appears to be an unauthorized intrusion into some of its systems. The hackers appear to have accessed contact details, including names, email addresses, phone numbers, and mailing addresses of approximately 45,798 individuals.
Preliminary investigations revealed that Christie’s network systems were accessed in an unauthorized manner by unknown threat actors. They were able to access the personal information of thousands of customers and other individuals who had interacted with Christie’s.
Data Expose in Christie’s Data Breach
The personal details accessed in the Christie’s Data Breach include full names, email addresses, phone numbers, and mailing addresses. However, the company did not find any evidence that financial details like payment card numbers or bank account credentials were accessed.
Christie’s immediately launched an investigation into the incident with the help of cybersecurity experts. They have also notified the relevant authorities about the breach as required by data protection regulations. The company is in the process of directly contacting each of the impacted individuals about the Christie’s Data Breach.
“Protecting client data is a top priority for Christie’s,” said Steve Gordon, Chairman of Christie’s Americas. “We deeply regret any concern or inconvenience this incident may cause. We are taking steps to enhance our cyber defenses and safeguard client information.”
Initial investigations reveal the breach was likely a result of a vulnerable web application or software. It allowed the threat actors to gain access to the customer database containing names, emails, phone numbers, and postal addresses. However, more technical information about the vulnerability exploited is still under investigation.
This is not the first time a major auction house has fallen victim to cybercriminals. In 2020, Sotheby’s also reported that it had been attacked, resulting in a Christie’s Data Breach of client data. Such breaches of personal client details from major auction houses could allow cybercriminals to carry out well-targeted phishing or smishing attacks against customers.
Christie’s says it has notified the relevant regulatory authorities about the incident. The company is still investigating the full scope and impact of the Christie’s Data Breach .
It has also notified the impacted individuals directly and offered them support. Overall, this was a major security lapse at Christie’s that exposed the personal information of nearly 46,000 customers and others. The company will need to overhaul its cyber defenses to prevent such incidents.