‘Cyberattack’ shutters Christie’s website days before $840M art mega-auction – Source: go.theregister.com

Christie’s website remains offline as of Monday after a “technology security issue” shut it down Thursday night – just days before the venerable auction house planned to flog $840 million of art.

As of Friday morning and still today, Christie’s redirects visitors to a temporary website, reportedly due to a cyberattack. It’s not thought, at the moment, that any customer data has been stolen.

The temporary site right now has the following message on it:

In a statement to the media, Christie’s confirmed “a technology security issue has impacted some of our systems, including our website.” The auction house did not immediately respond to The Register‘s inquiries on how the digital intruders broke in, what data (if any) they stole, and when Christie’s expected to have its main website back online. 

Christie’s did confirm its art mega-sale would continue as planned this Tuesday, but with bidding in person and by phone — not online. “We are looking forward to welcoming you to our exhibitions and to registering you to participate in these auctions,” CEO Guillaume Cerruti said.

The latest security snafu comes less than a year after Christie’s inadvertently leaked location data belonging to hundreds of high-end art owners seeking to sell their paintings at auction.

That blunder, which came to light in August, was basically a privacy oversight by Christie’s website, which allowed would-be customers to upload photos of the art they were seeking to sell. 

As noticed by some clever clogs, some of these uploads included precise GPS coordinates revealing the exact location of some very pricey pieces. These physical addresses — which could guide would-be thieves to the buildings where the art resided — were publicly available to anyone online via the Christie’s website, which had failed to strip out this location metadata from submitted snaps.

Christie’s said it has addressed that error. Another security slip-up, however, isn’t a good look for the British auction house.

• Europol confirms incident following alleged auction of staff data
• Cybercriminals hit jackpot as 500k+ Ohio Lottery lovers lose out on their personal data
• CISA boss: Secure code is the ‘only way to make ransomware a shocking anomaly’
• AI red-teaming tools helped X-Force break into a major tech manufacturer ‘in 8 hours’

Meanwhile, cybercriminals continue their all-out assault on organizations across the globe, with recent break-ins and data-theft incidents hitting a wide range of targets from Europol to the Ohio Lottery.

These types of high-profile compromises were a hot topic of discussion among US officials and private-sector security firms alike at last week’s RSA Conference. 

According to Jen Easterly, director of the US government’s CISA, the only way to make cyberattacks, including ransomware infections, a “shocking anomaly” is by holding technology makers — not end users — accountable for making their products more secure. ®

Updated to add on May 13

Christie’s has been in touch again with some more details:

PS: UK newspaper publisher Newsquest, which is behind titles from the Oxford Mail and Southampton’s Daily Echo to the Glasgow Times and Lancashire Telegraph, had its websites defaced by miscreants claiming to be Russian hackers over the weekend.