Following a significant cyberattack that affected the high-profile auction organization, Christie’s, the company still proceeded with another bidding event the next day despite the hit its database took.
Christie’s held two major sales that totaled $114.7 million on Tuesday night. That number failed to surpass the $267.3 million made by the company’s rival, Sotheby’s, the night before, though it was still a substantial showing given the problematic circumstances.
Just hours before the auction was due to start, Christie’s website was still down, fueling fears that the financial data of its affluent clientele was the hostage of hackers. Before the sale, advisers said that the inability to use Christie’s website was a major concern for consignors.
Meanwhile, Christie’s chief executive Guillaume Cerutti told the Wall Street Journal the house had “gone into overdrive” to reassure some of the world’s wealthiest collectors that business was proceeding relatively as usual.
This particular cyberattack points to a larger pattern of online-based distributors getting hacked and having their information exploited for profit.
“Anywhere there is money somewhere on the internet, attackers have been exploiting vulnerabilities to their benefit,” said Jamie Boote, associate principal consultant at the Synopsys Software Integrity Group.
“This is far from the first auction-related attack. There’s even a class of exploits known as ‘eBay Attacks’ where attackers used to exploit the five-minute account lockout to freeze out other bidders from raising the prices on goods they wanted to win. This was because eBay used to list the account names of other bidders, and all the attacker had to do was enter in the displayed user name and a wrong password 3-5 times in succession, and that user wouldn’t be able to log in and bid.”
Christie’s CEO, Guillaume Cerutti, shared the news of the attack on LinkedIn on Monday, describing the incident as a “technology security incident” and assuring that it has established protocols to manage such situations.
Despite the website outage, basic information about the auction items can be accessed via an alternative website provided by Christie’s.
While it’s unclear when the company’s database will be fully restored, Christie’s decision to hold an auction shows they are at least in recovery from the virtual breach.