Most of us have probably never placed a bid at the high-end Christie’s auction house. But 45,798 people are being notified of an attack on Christie’s system between May 8 and May 9 of this year. During the attack, some files were copied. Because Christie’s deals in fine art and antique auctions as well as private sales, the stolen data may well contain personal information on high-wealth individuals.
The incident was reported to Maine and other state attorneys general on June 7.
A copy of their notification template does not specify exactly what types of information were involved (the template uses variables), but in disclosing a phishing incident in 2017, Christie’s provided some information on what types of information they were storing in email accounts at the time. If they are still storing those data types in their system, they would potentially include: name, personal or business address(es), personal or business phone number(s), credit or debit card number, date of birth, or government-issued identification number. All the submission form to Maine indicates is that “Name or other personal identifier in combination with: Driver’s License Number or Non-Driver Identification Card Number” were acquired.
Christie’s is offering those affected one year of complimentary mitigation services.