Since last Thursday (May 9), the website of the renowned British auction house Christie’s has been offline due to a cyber attack.

The website was initially taken down, before a placeholder page went live, which currently states that Christie’s is “looking to resolve this as soon as possible and regret any inconvenience.”

The cyber attack was opportunely timed, occurring just before the firm’s series of spring auctions, which this year comprise lots worth an estimated £670m ($845m). Among the lots were eight watches from the private collection of motor racing legend Michael Schumacher, which sold yesterday for CHF4m ($4.4m). A Vincent Van Gogh painting entitled Coin de jardin avec papillons worth $35m is due to be auctioned tomorrow (May 16).

While the auctions have largely gone ahead as planned, the attack has tested the loyalty of prospective buyers due to the ease of bidding being slightly curtailed.

Christie’s response

In a statement Christie’s stated it “has in place well-established protocols and practices, which are regularly tested, to manage such incidents.”

Despite this, almost a week after the incident, the website has not been fully reinstated.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The auction house has kept the show on the road by setting up a stripped-back backup site where items due to be auctioned are available to view. Bidding has occurred in person, over the phone or via Christie’s Live. Christie’s has said that those wanting to bid online must do so only via a secure link supplied by it directly to potential bidders.

The full extent of the cyber attack remains unclear, with no statements hinting specifically what information has been compromised.

It is not the first time Christie’s has had to navigate cyber security concerns. In 2023, location data was attached to images on Christie’s website of artworks and items owners were attempting to sell. This compromised the locations of artworks, providing very accurate information about where items were stored and leaving them vulnerable to theft.

Cybercrime is on the rise.

Of the growing sophistication of attacks, Steve Bradford, senior vice president EMEA at cloud security firm SailPoint, told Verdict: “Criminals have got cybercrime down to a fine art, with auction house Christie’s being the latest organisation to fall victim to a malicious attack.”

“In today’s threat landscape, the stakes have never been higher. Hackers are employing ever more sophisticated tactics in the pursuit of lucrative returns, and no industry is untouchable.”

Bradford added: “Many of these attacks, at their root, come down to some sort of compromised identity. Organisations must take a multi-layered approach to security.”

To mitigate the potentiality of attacks, Bradford stressed that companies need strong visibility over who can access what in their systems.

Following cyber attacks, a persistent issue for companies is identifying exactly what information has been compromised to respond correctly. A lack of information about how much or specifically what information has been compromised or exfiltrated can have significant consequences for the image of a company in the wake of an attack.