Officials at auction house Christie's said on Saturday that the company lost control of its official website in a hack last Thursday, and the mega sale that accounts for nearly half of its annual revenue comes even as the loyalty of its millionaire customers is being tested. announced that it would continue. Spring auction.
On Sunday night, Christie's chief executive Guillaume Cerutti confirmed in his first public statement since the cyberattack that eight auctions this week would go ahead as scheduled, with in-person and telephone bidding. (The sale of rare watches has been postponed until May) 14). “We look forward to welcoming you to our exhibition and registering to participate in our auction,” he said in his emailed statement. Neither Cerruti nor a spokesperson for the auction company responded to questions about how the online portion of the auction would continue.
On Thursday, Christie's encountered what it called a “technical security issue” that took its website offline, with an apology and a promise to “provide customers with further updates as appropriate.” By Sunday, the site was still down.
This is the second time in less than a year that Christie's has suffered a data breach. In August, a German cybersecurity firm disclosed a data breach at an auction house that exposed the location of art belonging to some of the world's wealthiest collectors.
Last weekend, dozens of these potential buyers gathered at the company's gallery in Manhattan's Rockefeller Center to view and discuss bids for the priceless artwork, which is estimated to have a total value of about $840 million. An employee led a private tour past Andy Warhol's giant 1964 silkscreen painting “Flowers,” with a high estimate of $30 million, and down toward the more affordable daily sales. Please put your money in the grave with me.'' The amount was a hefty $600,000.
Christie's employees assured some of the gallery's customers that the company's website would be fixed “soon,” but the company had not yet regained control Saturday afternoon. The temporary landing page above was created by a free web design company called Shorthand. The temporary site allows viewers to browse his online catalog of upcoming sales, but does not allow them to bid or register online.
Behind the scenes, two auction house employees who requested anonymity because they were not authorized to speak publicly said top leaders remained silent about the details of the security breach, refused to answer questions from employees and panicked. Stated. Whether the hacker has access to sensitive information about the client and holds it for ransom.
Several prominent buyers and sellers also said they were not informed of the incident and were not informed of the hack until they received calls from reporters.
“A cyberattack like this is like a grenade in a small room in the 21st century,” said Thomas C. Danziger, an art market lawyer who often represents clients at auctions. “Twenty-five years ago, it would have been a flood or a hurricane.”
Art advisor Wendy Cromwell said serious buyers would find a way to do business with the auction house even in the face of technical problems.
“It's clearly a nightmare considering all the payment data and buyer data they have. I have not heard from Christie's regarding my company's account,” she wrote in an email.
But when it comes to upcoming auctions, he says, “I plan to attend the evening sales in person. I don't normally bid online.”
As collectors milled through the gallery Saturday afternoon, the receptionist said Cerruti was not in the office. Cerruti took over the reins of the company in 2016 at a time when the auction house was struggling to find viable real estate and inventory to attract new buyers.
The hack was ill-timed not only for Christie's executives, but also for the Pinault family, which controls the auction house through its holding company Groupe Artemis. Artemis also runs luxury group Kering, which owns fashion brands such as Gucci and Balenciaga, and is run by billionaire François-Henri Pinault, who is also Artemis' managing partner (his father is the head of the family). (along with François Pinault).
Kering said in March that first-quarter sales for Gucci, its biggest brand, were down nearly 20% year-on-year, and that it forecast a 10% decline in group revenue for the first three months of 2024. issued a warning.
The Christie's hack also occurred during a leadership change. François Pinault's 26-year-old grandson, Francois-Louis Nicolas Pinault, replaced the business mogul as a director of the auction house earlier this year. Representatives for his family did not immediately respond to a request for comment Saturday.
Other major auction houses, Sotheby's and Phillips, said they had not suffered any cyberattacks in recent weeks.
Chelsea Binns, a cybercrime expert who teaches at the John Jay College of Criminal Justice in Manhattan, says most companies are unprepared for hackers and need to be prepared by training and creating backup plans. He said there is.
“But it's only a matter of time,” she said. “There’s a little bit of denial about reality.”
Additional reporting by Julia Halperin and Vanessa Friedman in New York.