Bidders Blocked as Cyber Attack Derails Christie's $884 Million Art Auctions

The success of Christie's multi-million-dollar art auctions has been put in jeopardy after a cyber attack blocked bidders from submitting online bids.

The iconic auction house was forced to set up an entirely new website for live auctions after it failed to get the site up and running in time for last weekend's bids, with many people being forced to big in person and by phone in one of the most important art sales of the year. 

The outages began on Thursday night, a few days before it was planning on auctioning roughly $840 million worth of art. 

Christie’s employees assured some clients in the galleries that its website would be fixed “imminently.” 

But on Saturday afternoon, when the company still had not regained control, it replaced a temporary landing page on the site since Thursday with another temporary website produced through a free web design company called Shorthand. 

The website remains still offline as of Tuesday 14 May, and Christie’s was forced to postpone its Michael Schumacher Watch Auction because of the Cyber Attack.

But the historic auction house was still able to hold a charity auction for watches on Friday in Geneva, which was itself postponed from its original 2023 date. The Only Watch auction raised 28m Swiss Francs (£26.4m) to accelerate research into Duchenne muscular dystrophy.

“Looking ahead, we are pleased to confirm all our live auctions this week will take place as scheduled, with the exception of the Rare Watches sale in Geneva that we postponed by one day to tomorrow, 14th May,” the company said in an updated statement yesterday

“We apologize that our full website is currently offline. We are looking to resolve this as soon as possible and regret any inconvenience,” Christie’s said in a message to its users. 

“While our usual website remains offline, our clients will be able to bid securely in person, on the phone, by absentee bid and online via Christie’s LIVE.”

Second cyber attack in less than a year

Christie’s is still yet to reveal who or what exactly caused its computer systems to collapse. It referred to the incident as a “technology security issue” but did not specify what type of attack it was dealing with or if any data had been compromised.

Still, the possibility of a cyber attack impacting customer data is possible - especially since it’s not the first time the auction house’s data has been exposed by hackers. 

In August last year, a similar breach at an auction house revealed the exact whereabouts of art owned by some of the world’s wealthiest collectors. In that attack, hundreds of Christie’s clients who had uploaded photographs of their prized paintings and sculptures for the auction house’s review were affected by the cybersecurity incident.

Read: Biggest Cyber Attacks in History

“Unfortunately, it only took us a few minutes to come across this serious vulnerability,” Tschirsich told the Washington Post at the time “The vulnerability is so simple that it can be exploited by anyone with a browser within a few minutes.”

“Around 10 per cent of the uploaded images contain exact GPS coordinates,” the researchers told the Post.

“Like a grenade in a small room”

Christie's New York auctions will begin this evening with the sale of works owned by art collector Rosa de la Cruz, to be followed by art collections spanning the 20th and 21st centuries.

The 20th-century art collection, itself valued at $500m, includes art by Pablo Picasso, Georgia O'Keefe and Andy Warhol, and could account for as much as half the revenue Christie’s annual revenue.

Any issues – especially the loss of confidential client data – could be devastating. “A cyber-attack like this is the 21st-century equivalent of a hand grenade in a small room,” the art market lawyer Thomas Danziger told the Times.

Still, the New York spring sales are less vulnerable to online interferences because high-profile buyers often bid in person through an art adviser or directly by phone through a Christie’s representative rather than through their website. 

Either way, the cyber attack will be seen as embarrassing for Christie’s owners, the Pinault family, which controls the auctioneer through Groupe Artémis. It also casts yet another shadow on the struggling high-end art industry.  

A Bank of America study recently found that the average price of artworks sold at auction in 2023 decreased by 32%. Not only were buyers expecting lower prices, but sellers were holding back until “demand regains its prior price elasticity,” leading to less sales overall. 

“The art market is still in search of price equilibrium years after coming off the highs of 2021,” the bank said.