by A ransomware hack was the last thing a volatile fine art market needed – but that’s what it got when Christie’s website went down days before the start of its crucial May 20th and 21st century auctions in New – York.
Guillaume Cerutti, CEO of the French-owned auctioneer, bluntly called the attack a “technological security incident”. Christie’s put its auction catalogs on a separate site, the sale went ahead with sales of $640m, and 10 days later the website came back to life.
Related: A glass church framed by redwoods is coming down, piece by piece: ‘It’s a crying shame’
But that was not the end of it. The hack was not really an “incident” and sent shock waves through some of the art world’s richest people in the latest example of how cybercrime – and in particular the theft of personal information – is becoming a booming industry.
The cyber extortion group RansomHub has now claimed responsibility for the hack in a message on the dark web, along with a sample of information that claimed they had access to “the world’s sensitive personal information”.
The hacker’s message included a countdown clock so that when the predator threatened, they would release the data he had stolen. But they also said they had “tried to find a reasonable solution” until Christie’s negotiations with the gang ended abruptly.
Christie’s, which reported global sales of $6.2bn last year, has stressed that it found no evidence that the hackers had compromised “any financial or transactional records” and only took “a limited amount of personal data”.
This is not the first time cyber attacks have hit auctioneers, dealers and art fairs. In 2021, Art Basel dealers received a warning that their information may have been exposed.
Last year Christie’s revealed the location details for hundreds of works on consignment. The Art Newspaper reported in 2017 that clients of nine galleries were hit by a simple phishing operation using fake invoices involving a scammer impersonating a figure at a gallery to get paid by a collector for artwork.
“While Christie’s latest breach may not have involved financial information, it may have contained contact information for their high-net-worth clients – and that could be worrying as further cybercrime could lead to it,” said Dr. Chris Pierson, CEO of BlackCloak. , a company that specializes in securing the digital lives of high profile people and their families.
“The main issue at Christie’s is reputation and they have to get ahead of it in terms of communicating with their clients and making sure they know what information is out there so they can protect themselves and be on the information about what Christie’s is doing to ensure it does this. won’t happen again,” Pierson added.
But exposure of any kind is not welcome. The art market relies on discretion and opacity. For dealers, both private and public salesrooms, success depends on matching buyers with sellers, and knowing who got what and who wants to buy.
But that information is unlikely to be in a database, says one knowledgeable private dealer, because it is the province of specialists to jump from one auction house to another, or to a private gallery, on the basis of that information. Last week, for example, it was announced that Sotheby’s Brooke Lampley, the auctioneer’s global chairman and head of global fine art, who previously led Christie’s impressionist and modernist teams, was joining Gagosian.
However, art market lawyer Thomas C. Danziger warned ARTnews, “to a savvy hacker, the Monet consignor’s personal details may be worth as much as his bank PIN”.
But mega-wealthy art buyers and sellers often work behind a system of agents and advisers, and dealers said this month that the auctions were noticeably under-attended and the bids thin – which suggesting that buyers were already in place for the big-ticket works. and many through a system of third party guarantees.
“They were pulling bids from the chandeliers,” says one private dealer.
The opacity of that system was the central issue in a lawsuit in New York this year when billionaire Russian art collector Dmitry Rybolovlev lost a legal battle with Sotheby’s over his claim that the auctioneer had colluded with a Swiss art dealer who was collecting fees as both dealer and dealer. agent and, Rybolovlev claimed, cheated him out of over $160m.
The threat of art fraud, often involving false identification, has helped create a growing industry of security specialists, some offering AML (anti-money laundering), anti-sanctions and KYC or “know-yourself” services. on your client”.
RansomHub, the extortion group trying to take down Christie’s, is one of about 30 different gangs that deliberately change their names and affiliations and operate out of Russia or the former Soviet Union.
Pierson BlackCloak says whether or not to pay the demands is a business decision.
“In this case, if Christie’s is in full swing and this is just an extortion attempt to prevent being named or names being released, it’s less likely that a ransom will be paid because this is a celebrity issue ,” Pierson said.
Private dealers hope that problems at public auction houses will change the business. But art sales across both are hard to come by. May sales in New York are down 50% from 2022. Sotheby’s job losses are set in London, with further cuts likely at locations in Europe and New York.
Christie’s, which is owned by Francois Pinault, has not announced similar measures, but much of the art at the business is also moving behind closed doors. Dealer Larry Gagosian noted the obvious: his latest show, Icons from a Half Century of Art, is strictly booked.
